01-24-2013 11:48 PM - edited 03-16-2019 03:21 PM
Hello everone!
We are using cisco MIC certificates for TLS between ip phones and Cisco Call Manager.
I was trying to find out the expiration date of these certificates, was unable to find any information.
How can I locate this information in Call Manager?
Thank you!
Solved! Go to Solution.
01-25-2013 04:12 AM
Hi
Yes, that's normal - I have lots on my system. Have a look at your 'CAPF' certificate, this should contani an 'issuer' line that refers to one of the CAPF-xxxxx certs. That will be the current one - check the expiry date on that.
Aaron
01-24-2013 11:56 PM
Hi
Go to
Go to Security/Certificate Management.
Find cisco_manufacturing.pem and clikc on it. Look for this bit:
Issuer: O=Cisco Systems, CN=Cisco Root CA 2048
Validity
Not Before: Jun 10 22:16:01 2005 GMT
Not After : May 14 20:25:42 2029 GMT
Regards
Aaron
01-25-2013 12:08 AM
Thank you Aaron
Do you know what these certificates are used for?
CAP-RTP-001
CAPF-57bc7a82
CAPF-65724a93
CAPF-8f75286b
CAPF-988de453
CallManager
Some of the CAPF-XXXXX certifactes are expired, can it do any harm? Do I need to change them?
01-25-2013 12:27 AM
Hi
These certs:
CAP-RTP-001
CAP-RTP-002
Cisco_Manufacturing_CA
Cisco_Root_CA_2048
Are all from Cisco Manufacturing.
'CallManager' is the certificate used by the CUCM service to identify iftself to the phones; that's what they verify against the ITL.
The CAPF-xxxxxx ones are (as far as I can tell) self-signed certs used as a root certificate to sign the certificate that the CAPF service uses. They seem to renew every year more or less.
My advice would be to not touch any of them - certificates are extremetly important in CM8+ thanks to the introduction of the ITL (https://supportforums.cisco.com/docs/DOC-17679) and you stand a good chance of breaking your cluster if you mess with them.
Unless, of course, it is already broken?
Aaron
01-25-2013 12:34 AM
No, it is not broken, everything is fine.. ))
Just wanted to make sure I wont miss the expiration date.
As I found out half of the CAPF certificates are already expired, half of them expires in 2014, so do I have to renew them?
01-25-2013 12:46 AM
On my system they appear to renew every year (I've never asked the system to do this) and have 5-year expiration periods.
Have none of yours renewed in the last year?
Chances are that you aren't even running the CAPF service - have a look in service activation.
Aaron
01-25-2013 01:45 AM
The CAPF service is running, however I am not sure if they were renewed automatically or no. And the expiration periods are 5 years, even for those which are expired now.
01-25-2013 04:12 AM
Hi
Yes, that's normal - I have lots on my system. Have a look at your 'CAPF' certificate, this should contani an 'issuer' line that refers to one of the CAPF-xxxxx certs. That will be the current one - check the expiry date on that.
Aaron
01-25-2013 04:45 AM
Yeah, right!
Thank you!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: