03-29-2012 12:11 PM - last edited on 03-16-2019 10:22 AM by NikolaIvanov
Hello
I'm looking for some advice and information. We are getting notification from RTMT that some certificates are about to expire on our publisher server. These are tomcat_cert (own), ipsec_cert (own), CalManagerUnit (own), CAPF (own), and CAPF-XXXXXX (trust). As these are self-generated certificates, will they regenerate automatically upon expiration or do we need to take some action?
Thank you!
03-29-2012 09:40 PM
Hi
There are 2 types of certificates. One type is called certificate trust. If the expiring cert is a TRUST (i.e. "CAPF-trust", "CallManager-trust"), you can just click on it, verify that the valid date/time range is expired, and delete it.
The other type is called certificate. If it is certificate type = "certs", then click on the file, and there should be a 'regenerate' option. This will regenerate the certificate and also recreate the new "CAPF-trust" or "CallManager-trust" certificates with new date/time ranges.
If you are using a Certificate Authority (some people use a CA to sign the Tomcat certificate), instead of regenerating the certificates you'll need to click on the certificate, download the CSR, get it signed by your CA and then upload it to CUCM.
So as long as the expired Tomcat certificate is not a CA-signed certificate, it will be safe to regenerate it.
The impact of the delete/regenerate operation above is minimal. For example, if you delete the trust-cert, then regenerating the corresponding cert will recreate that trust-cert. If you regenerate the cert (for example the Tomcat cert), the impact is that you won't see the newly generated certificate when accessing the CUCM GUI page until you restart the 'Cisco Tomcat' service.
Also, you don't need to wait until the certificates expire before regenerating.
To check details:
Log in to the platform administration webpage, then Security > certificate management > display certificate own certificates > Tomcat > next & IPSEC > next
If this is a production server, you may contact Cisco TAC before proceeding.
Regards
Ronak patel
Please rate helpful posts by clicking stars below the answer.
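The decision described in the answer above (expired trust entry: delete; self-signed own cert: regenerate; CA-signed own cert: CSR route), as an added example that is not part of the original posts and is not Cisco tooling. It assumes the certificates have been downloaded as PEM files and that `openssl` is installed; the function names, the 30-day default window and the subject-equals-issuer test for "self-signed" are assumptions.

```shell
#!/bin/sh
# cert_action <own|trust> <pem-file> [days-ahead]   (hypothetical helper)
# Prints: ok | regenerate | csr-resign | delete-trust | trust-not-yet-expired
cert_action() {
    store=$1; pem=$2; days=${3:-30}   # 30-day window is an assumption
    openssl x509 -in "$pem" -noout 2>/dev/null || { echo unreadable; return 1; }

    # -checkend exits 0 if the cert is still valid that many seconds from now.
    if openssl x509 -in "$pem" -noout -checkend $((days * 86400)) >/dev/null; then
        echo ok; return 0
    fi
    if [ "$store" = trust ]; then
        # The answer deletes a trust entry only once its validity range has passed.
        if openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
            echo trust-not-yet-expired
        else
            echo delete-trust
        fi
        return 0
    fi
    # Heuristic: subject == issuer means self-signed, so regenerate;
    # otherwise a CA issued it and the CSR route applies.
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253)
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253)
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo regenerate
    else
        echo csr-resign
    fi
}

# Constructed sample input: throwaway certs valid for 10 days, written to $1.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=cucm-pub.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=Demo Issuing CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=cucm-pub.example.test" \
        -keyout "$d/signed.key" -out "$d/signed.csr" 2>/dev/null
    openssl x509 -req -in "$d/signed.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 10 -out "$d/signed.pem" 2>/dev/null
}
```

A `regenerate` result for the Tomcat certificate still requires the 'Cisco Tomcat' service restart mentioned in the answer before the new certificate is presented.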
04-02-2012 10:54 AM
Thank you Ronak!