Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Certificate Expiration Notification CallManager 5.1 RTMT Expiry Monitor


I'm looking for some advice and information.  We are getting notification from RTMT that some certificates are about to expire on our publisher server.  These are tomcat_cert (own), ipsec_cert (own), CalManagerUnit (own), CAPF (own), and CAPF-XXXXXX (trust).  As these are self-generated certificates, will they regenerate automatically upon expiration or do we need to take some action?

Thank you!


Re: Certificate Expiration Notification CallManager 5.1 RTMT Exp


There is 2 types of certificates, one type is called certificate trust. If the expiring cert is a TRUST (i.e. "CAPF-trust", "CallManager-trust"), you can just click on it, verify that the valid date/time range is expired, and delete it.

The other type is called certificate. If it is certificate type = "certs", then click on the file, and there should be a 'regenerate'option. This will regenerate the certificate and also recreates the new

"CAPF-trust" or "CallManager-trust" certificates with new date/timeranges.

If you are using a Certificate Authority(some people use CA to sign the Tomcat certificate), instead of regenerating the certificates you'll need to click on the certificate, download the CSR, get it signed by your CA and then upload it to CUCM.

So as long as the expired Tomcat certificate is not CA signed certificate, it will be safe to regenerate them.

The impact of the delete/regenerate operation above is minimal. For example, if you delete the trust-cert, then regenerating the corresponding cert will recreate those trust-cert. If you re-generate the cert (for example Tomcat cert), the impact is that you won't see the newly generated certificate when you accessing the CUCM GUI page until

you restarted the 'Cisco Tomcat' service.

Also you don't need to wait before the certificates expire before regenerating.

To check details

Login to platform administration webpage Security > certificate management >
display certificate own certificates > Tomcat > next & IPSEC > next 

If this is production server, you may contact Cisco TAC before proceeding.


Ronak patel

Please rate helpful posts by clicking stars below the answer.

Regards Ronak Patel Rate all helpful post by clicking stars below the answer.

Re: Certificate Expiration Notification CallManager 5.1 RTMT Exp

Thank you Ronak!

CreatePlease to create content