06-03-2008 02:07 PM - edited 03-15-2019 11:02 AM
We have a customer who has single CM cluster but they want to break in to two separate CCM clusters because of WAN and geographical issues.
When I install the new CCM cluster we are going to use the same phones they have currently using but my problem is right now they are using certificates (CAPF/CTL) to register the phones securely. I have a new set of USB keys with certificates to install on the new cluster if I install that all the phones won't register to new cluster.
Is there any easy way of doing this so I don't have to go to each phone and do a factory reset manually to get the new certificate.
Thanks for your help.
Balukr
06-04-2008 05:37 AM
Balukr,
A suggestion that may work for this is to use BAT to remove the CAPF certificates from the phones that will be migrated to the new cluster.
Hope this helps.
Regards,
Michael.
06-04-2008 06:15 AM
Mike,
Thanks for your response.Existing CM is 4.1.3 I don't remember seeing that CAPF option in BAT tool.Please can you guide me how to do that.
Thanks again.
06-04-2008 06:37 AM
Hi Balukr,
Once you log into BAT, select Configure -> Phones -> CAPF Configuration -> Click Next -> Add Phones to Query -> Next -> Certificate Operation = Delete.
Hope this helps.
Regards,
Michael.
06-04-2008 06:48 AM
I don't know how I missed that ,Thanks.
Just one more question if I delete the certificates then that phone should not look for any certificate and it should register like a regular phone correct.When I move the phones to new cluster after this it should get the new certificates and register with new CAPF correct.
many thanks again..
06-04-2008 07:05 AM
Yes Balukr. Thats correct. Assuming your cluster is currently in Mixed mode, registrations of both secure and non-secure devices is allowed, so they should function in non-secure mode until you are ready to migrate them to the new cluster.
Do perform some testing with one or two phones to prove the concept before migration day.
Regards,
Michael.
07-08-2008 07:46 PM
Even if you delete the certificate it still stays with the phone it only removes from secured connection to CUCM, to remove the cert permanently you have to delete it manually from the phone.
Is there any other workaround or any app's we can run so we don't have to go to each phone to delete the certificate.
07-24-2008 06:25 AM
I am having the same problem.....
but I have another question, that kinda applies. The CAPF Server is only on the Publisher (1st Node). What happens if that server dies and you have to reinstall on new hardware. Are the certificates stored also on the subscriber? What happens when that new Publisher is brought online and the new CAPF can't handle the certificates on the phone? How would you get the phones out of rejected status?
07-24-2008 07:44 AM
As long as if you use the same IP, hostname for PUB and use the same e-tokens it should work fine.
07-30-2008 04:18 AM
Hello,
have you found another workaround to delete the certificate on each phone ?
Best regards.
10-14-2008 01:20 AM
Hi,
I am also interested in this topic:
Has anyone found another workaround to delete the certificate on each phone?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide