Cisco Cisco Unified Contact Center Enterprise 8.5(1)
Serviceability Best Practices Guide for Unified ICM/Contact Center Enterprise & Hosted
©2011 Cisco Systems, Inc.
161
/certhash: specifies the SHA-1 thumbprint of the certificate; required only when binding a
specific certificate, which exists in the certificate store, to a port.
specific certificate, which exists in the certificate store, to a port.
/logpath: specifies the path where the log file should be created; by default it is the
current folder.
current folder.
The following table explains each task:
Table 10-3: Diagnostic Framework Certificate Manager Utility Tasks
Task
Description
CreateAndBindCert
Creates a self signed certificate in the local computer personal
certificate store and binds it with HTTP service on the given port.
certificate store and binds it with HTTP service on the given port.
[Used by ICM-CCE-CCH Install]
BindCertFromStore
Looks up the certificate provided by /certhash argument in
certificate store and binds it with the HTTP service on the given
port.
certificate store and binds it with the HTTP service on the given
port.
UnbindCert
Removes the certificate binding from the specified port, does not
modify any certificate in the store
modify any certificate in the store
UnbindAndDeleteCert
Removes the certificate binding from the specified port. Also,
deletes the self signed certificate created by CreateAndBindCert
option.
deletes the self signed certificate created by CreateAndBindCert
option.
[Used by ICM-CCE-CCH Uninstall]
ValidateCertBinding
Verifies the certificate binding on the specified port and confirms
its presence in the local computer certificate store.
its presence in the local computer certificate store.
Diagnostic Framework Certificate Manager utility stores the thumbprint (SHA-1 hash) of the
self signed certificate created by the utility and the certificate used by the Diagnostic
Framework service in the registry at the following location respectively:
self signed certificate created by the utility and the certificate used by the Diagnostic
Framework service in the registry at the following location respectively:
HKLM\SOFTWARE\Cisco Systems, Inc.\ICM\Serviceability\
DiagnosticFramework\SelfSignedCertCreatedForDiagFwSvc
DiagnosticFramework\SelfSignedCertCreatedForDiagFwSvc
HKLM\SOFTWARE\Cisco Systems, Inc.\ICM\Serviceability\
DiagnosticFramework\CertUsedByDiagFwSvc
DiagnosticFramework\CertUsedByDiagFwSvc
Unless the certificate used by the service is changed manually, both registry values will be
the same.
the same.