Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

CUCM : TVS cert expired

Hello Guys,

I have a cluster of CUCM version 10.5.2.

I have my TVS cert who is expired. I must regenerate it in few days.

My problem is that I 'm not sure of the process that I need apply.

I found this document

TVS impact the ITL file of each phone and I want avoid all problem with ITL file.

So I think use the prepare Cluster for Rollback to pre 8.0 feature. This process is explain in the doc. But I have a question on this process.

I think follow the following step

So I check the feature. All phones reset and the itl file 'll be blank.

I stop the TFTP service for each node.

I regenerate the TVS cert

I restart the TVS service

I Restart the TFTP servers.

The phone 'll get the new ITL file.

So my question is: When I must regenerate the TVS cert? Is it the good step order?




  • Unified Communications Applications
VIP Gold

Hi Sébastien,

Hi Sébastien,

If you are regenerating only the TVS certificate, then there is no need to use the prepare Cluster for Rollback to pre 8.0 feature at all.

You can regenerate the TVS cert and restart the required services. That should do. The other processes and precautions are needed in case if any other cert also expires and you need to regenerate TVS along with the other certificates in the system.

Just follow the below:

TVS Trust Verification Service (on respective server) G: Cisco Unified Serviceability > Tools > Control Center - Network Services > (Select Server) > select "Cisco Trust Verification Service" > Restart



Pls rate all useful posts

VIP Gold

Just to add, if you are

Just to add, if you are regenerating TVS certs on all servers, do it one by one as mentioned in the below discussion:

Also I assume your cluster is non-secure.

Hello Rajan

Hello Rajan

Thanks for your update.

FYI, the cluster is in Mixed mode. I have  2 expired cert. (TVS and callmanager)

It's the publisher.

I think regenerate the callmanager cert and update the CTL file before the TVS.

But I'understood well your link, if the Pub is not in CUCM group and the Call manager service is stopped, the TVS from the pub will not use by the phones. Right?

If yes, it's more easy to stop the call manager service and remove the Pub of CUCM Group.

If no, I 'll regenerate the TVS and restart TVS service.


This widget could not be displayed.