Delete CAPF certificate

Unanswered Question
Jul 23rd, 2014
User Badges:


Recently, we had an issue in the CUCM cluster as one of the Callmanager-trust certificate was expired and we didn't notice. We had to raise a TAC to regenerate it. Now the cluster is working fine but we are getting alerts on the certificate which was expired. We need to delete that. I need to know, deleting that particular expired certificate will have any impact?


CUCM v9.1.2.12024-1


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jonathan Schulenberg Sat, 07/26/2014 - 16:21
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

CAPF is only used in a mixed-mode cluster where you are using a CTL file and doing authentication or encryption with endpoints and trunks. If your cluster shows Cluster Security Mode = 0 under System > Enterprise Parameters, then you are not doing this and the CAPF process is irrelevant. In that case, it shouldn't even be activated in fact.

If you are running in mixed mode then you need to proceed far more cautiously. This is the certificate that signed all endpoint LSCs and needs to be very carefully replaced. The Security Guide would be a good place to start understanding this feature.


This Discussion