Showing results for 
Search instead for 
Did you mean: 

Unity Connection 7.1 Certificates expiration

Clifford McGlamry

Unity Connection stand alone install is complaining about certificates expired.  It's throwing the messages shown at the bottom here on the CLI.  I know I can regenerate the the some of these, But some are trust certs, and are copies of the self signed cert on the same box.  My questions here are:


1.  Can I just regenerate the certs that have expired?  Do I have to export them and then go through the process of deleing and reimporting the trust certs that reference the ones I'm regenerating using the new certs so that they reference correctly, or does this happen automatically on a single box install?


2.  Is this process disruptive?  Does it need to be done in a maintenance window?




Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17990: Jun 10 16:00:00.22 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:tomcat Unit:tomcat Type:own-cert Expiration:Mon Jun 17 00:11:03:000 IST 201 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17991: Jun 10 16:00:00.22 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:ipsec Unit:ipsec Type:own-cert Expiration:Mon Jun 17 00:11:08:000 IST 2013  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17992: Jun 10 16:00:00.23 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CallManager Unit:CallManager Type:own-cert Expiration:Tue Jun 18 00:18:21:0 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17993: Jun 10 16:00:00.23 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF Unit:CAPF Type:own-cert Expiration:Tue Jun 18 00:18:22:000 IST 2013 /  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17994: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:myUCxNServer Unit:ipsec-trust Type:trust-cert Expiration:Mon Jun 17 00:11 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17995: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF-04acde93 Unit:CallManager-trust Type:trust-cert Expiration:Tue Jun 18  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17996: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF-04acde93 Unit:CAPF-trust Type:trust-cert Expiration:Tue Jun 18 00:18:2 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer





4 Replies 4

Level 4
Level 4


I've the same issue.


I've regenerated the certificates. In my setup are all self-server certificates.


Eventhough on my UCONN cluster this particular certificate: Unit:ipsec-trust Type:trust-cert didn't get updated and still triggers alarms.


Also, I don't have an option to regenerate it. Only Delete or Download.

Any hints?



I'm talking from memory here, so double check the documentation.

I believe you DO have the option to add a new certificate.  What is required is that you have to create a new ipsec-trust certificate, and copy in the cert data from the appropriate certificate on the pub or sub that the cert is used with (i.e. a trust cert for ipsec that is ON the pub, but referencing the sub, would get the data from the ipsec cert on the subscriber).  You have to delete the existing one before you can create a new one as I recall, and then I think you'll need to reboot.

Check the documentation, and consider upgrading.  You're on a system that's past EOL.



do you recall if I need to donwload the ipsec certificate and then import it saying it is ipsec-trust?


at this point on Pub I have only the ipsec-trust from the Pub.

On the Sub I have both, from Pub and Sub. The Pub is ok, only the Sub is out of dated...


thanks in advacne,

It's something like that, but GO CHECK THE DOCUMENTATION.  Don't guess on this or you'll bork it up.