I got an RTMT alert related to tomcat.der certificate expired.
At Mon Aug 04 21:00:16 CDT 2014 on node 10.203.12.10, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Critical
MatchedEvent : Aug 4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: Aug 05 2014 02:00:01.21 UTC : %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:tomcat.der Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID :
NodeID : CUCM01
Could you please help me how to solve this problem.
How can I find whether the previous certificate is self signed or not.
1 - Go to OS Administration ( https://SERVER/cmplatform/ ) and login. (Remember, this is the operating system ID and password and NOT the ID/Password you use to login to ccmadmin with.) Go to Security -> Certificate Management and click find. This will list all your certificates. The tomcat one is usually at the top. The right hand column will tell you if it's self-signed or not.
whether the new certificate can be upload after the previous certificate is expired, will there be any problem.
You can replace a certificate any time you want. You don't have to replace an expired certificate - but it's good practise too. (And it stops those annoying emails too!)
Any services or server needs to be rebooted.
For the Tomcat certificate, you have to restart the Tomcat service. This can only be done from the server CLI. So either login to the console, or SSH in (again, with the operating system ID & password) and type the command "utils service restart Cisco Tomcat" (NOTE: This is CaSe SeNsItIvE) Whilst this is restarting, all the web apps (ccmadmin, cmplatform, etc.) will be offline.
How can we verify whether the certificates are proper.
Not sure what you mean by this. If you mean: "How can I be sure the server is using the new certificate?" go to https://SERVER/ccmadmin and in your browser click the padlock to examine the certificate. HINT: You *may* have to restart your browser for it to notice the certificate change.
How can we Regenerate the certificate if it's self signed,
Click the "Generate Self-Signed" button in OS Administration -> Security -> Certificate Management
How to generate a new CSR and have your CA sign it, then upload it
Click the "Generate CSR" button. Once complete, click the "Download CSR" button. Give the downloaded CSR to your CA. They'll return your signed certificate. In OS Administration -> Security -> Certificate Management then click "Upload Certificate/Certificate Chain"
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...