Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Zombie Tomcat Certificates

I recently installed new tomcat certificates on my cluster. After installing the certificates, I restarted the Cisco Tomcat service on every node, and deleted all the old certificates from the tomcat-trust store.

Even though I'm sure I've purged all the old certificiates, I'm still getting RMT alerts for certificates about to expire. Sure enough, when I go back to CUCM, I see the old certificates that I'd replaced & deleted have re-appeared.

I've re-restarted the Cisco Tomcat service, but still no joy.

How are these Tomcat certificates managing to rise from the dead? And how do I kill these Zombies?

Thanks,

GTG

Please rate all helpful posts.
1 REPLY
Cisco Employee

Zombie Tomcat Certificates

This describes what has to be done, https://tools.cisco.com/bugsearch/bug/CSCto86463.  In summary the Certificate Change Notification Service has to be stopped on all nodes before deleting the certificates.  Once the old tomcat certificate has been deleted from all nodes you can start the Certificate Change Notification Service again and the certificate should no longer re-appear.

188
Views
0
Helpful
1
Replies
CreatePlease to create content