Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN Phones - SSL Cert Renewal

Hi all,

This is my first post here!

Right a problem i have has this week is that we run Call Manager 8.6 with 10 x 9951 VPN phones dotted around externally. These were working fine until our SSL cert ran out on our ASA and we had to change this on the ASA and Call Manager, which in turn knocked off the VPN phones as the certs don't now match.

I have tried putting the old cert back on the firewall and got the phones on, then tried to change the CAPF settings on the device to install/upgrade to new one and no changes would apply so that didnt work.

The only option im told is to get the phones back into base or do a site to site VPN. A bit ridiculous as if you get a 10 year cert for your ASA, send all your phones out and then 1 days later your cert is compromised and you have to revoke it, thus rendering all your VPN phones dead.

So my questions are.

1) Does anybody know a way around this?

2) Does anyone know the correct procedure for changing a cert and does it always involve them being returned to base?

Any help appreciated.



Everyone's tags (5)