I'm looking for some advice and information. We are getting notification from RTMT that some certificates are about to expire on our publisher server. These are tomcat_cert (own), ipsec_cert (own), CalManagerUnit (own), CAPF (own), and CAPF-XXXXXX (trust). As these are self-generated certificates, will they regenerate automatically upon expiration or do we need to take some action?
There is 2 types of certificates, one type is called certificate trust. If the expiring cert is a TRUST (i.e. "CAPF-trust", "CallManager-trust"), you can just click on it, verify that the valid date/time range is expired, and delete it.
The other type is called certificate. If it is certificate type = "certs", then click on the file, and there should be a 'regenerate'option. This will regenerate the certificate and also recreates the new
"CAPF-trust" or "CallManager-trust" certificates with new date/timeranges.
If you are using a Certificate Authority(some people use CA to sign the Tomcat certificate), instead of regenerating the certificates you'll need to click on the certificate, download the CSR, get it signed by your CA and then upload it to CUCM.
So as long as the expired Tomcat certificate is not CA signed certificate, it will be safe to regenerate them.
The impact of the delete/regenerate operation above is minimal. For example, if you delete the trust-cert, then regenerating the corresponding cert will recreate those trust-cert. If you re-generate the cert (for example Tomcat cert), the impact is that you won't see the newly generated certificate when you accessing the CUCM GUI page until
you restarted the 'Cisco Tomcat' service.
Also you don't need to wait before the certificates expire before regenerating.
To check details
Login to platform administration webpage Security > certificate management >
display certificate own certificates > Tomcat > next & IPSEC > next
If this is production server, you may contact Cisco TAC before proceeding.
Please rate helpful posts by clicking stars below the answer.
Rate all helpful post by clicking stars below the answer.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...