Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3016
Views
23
Helpful
7
Replies

CUCM - Tomcat.der certificate expired

Go to solution
S N
Level 1
Level 1

‎08-04-2014 09:47 PM - edited ‎03-19-2019 08:27 AM

 

 I got an RTMT alert related to tomcat.der certificate expired.

 

 At Mon Aug 04 21:00:16 CDT 2014 on node 10.203.12.10, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Aug  4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: Aug 05 2014 02:00:01.21 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:tomcat.der Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 

NodeID : CUCM01

 Could you please help me how to solve this problem.

 

Regards

Sathya

 

 

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎08-04-2014 10:09 PM

Regenerate the certificate if it's self signed, or generate a new CSR and have your CA sign it, then upload it.

HTH

java

if this helps, please rate

View solution in original post

7 Replies 7

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎08-04-2014 10:09 PM

Regenerate the certificate if it's self signed, or generate a new CSR and have your CA sign it, then upload it.

HTH

java

if this helps, please rate

Go to solution
S N
Level 1
Level 1
In response to Jaime Valencia

‎08-04-2014 10:28 PM

 Thanks Jaime.

 How can I find whether the previous certificate is self signed or not.

Please confirm

1. whether the new certificate can be upload after the previous certificate is expired, will there be any problem.

2. Any services or server needs to be rebooted.

3. How can we verify whether the certificates are proper.

 

Regards

Sathya

0 Helpful

Go to solution
Gordon Ross
Level 9
Level 9
In response to S N

‎08-04-2014 11:46 PM

How can I find whether the previous certificate is self signed or not.

Two methods:

 

1 - Go to OS Administration ( https://SERVER/cmplatform/ )  and login. (Remember, this is the operating system ID and password and NOT the ID/Password you use to login to ccmadmin with.) Go to Security -> Certificate Management and click find. This will list all your certificates. The tomcat one is usually at the top. The right hand column will tell you if it's self-signed or not.

2 - Go to https://SERVER/cmplatform (no need to login) and click on the padlock to examine the certificate.

 

whether the new certificate can be upload after the previous certificate is expired, will there be any problem.

 

You can replace a certificate any time you want. You don't have to replace an expired certificate - but it's good practise too. (And it stops those annoying emails too!)

 

Any services or server needs to be rebooted.

 

For the Tomcat certificate, you have to restart the Tomcat service. This can only be done from the server CLI. So either login to the console, or SSH in (again, with the operating system ID & password) and type the command "utils service restart Cisco Tomcat" (NOTE: This is CaSe SeNsItIvE) Whilst this is restarting, all the web apps (ccmadmin, cmplatform, etc.) will be offline.

 

How can we verify whether the certificates are proper.

 

Not sure what you mean by this. If you mean: "How can I be sure the server is using the new certificate?" go to https://SERVER/ccmadmin and in your browser click the padlock to examine the certificate. HINT: You *may* have to restart your browser for it to notice the certificate change.

 

GTG

Please rate all helpful posts.

Go to solution
S N
Level 1
Level 1
In response to Gordon Ross

‎08-05-2014 03:43 AM

Thanks for the explanation.

Last doubt : What is the impact if the certificate got expired.

Regards

Sathya

0 Helpful

Go to solution
Gordon Ross
Level 9
Level 9
In response to S N

‎08-05-2014 03:44 AM

Annoying emails and people getting scary Certificate Expired warnings.

 

GTG

Please rate all helpful posts.
0 Helpful

Go to solution
dharambirku
Level 1
Level 1
In response to S N

‎06-11-2015 05:01 AM

Hi

Can anyone helpin

How can we Regenerate the certificate if it's self signed, or

How to generate a new CSR and have your CA sign it, then upload it. -

0 Helpful

Go to solution
Gordon Ross
Level 9
Level 9
In response to dharambirku

‎06-11-2015 05:16 AM

How can we Regenerate the certificate if it's self signed,

Click the "Generate Self-Signed" button in OS Administration -> Security -> Certificate Management

How to generate a new CSR and have your CA sign it, then upload it

Click the "Generate CSR" button. Once complete, click the "Download CSR" button.  Give the downloaded CSR to your CA. They'll return your signed certificate. In OS Administration -> Security -> Certificate Management then click "Upload Certificate/Certificate Chain"

 

GTG

Please rate all helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents