Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

CUCM : TVS cert expired

Hello Guys,

I have a cluster of CUCM version 10.5.2.

I have my TVS cert who is expired. I must regenerate it in few days.

My problem is that I 'm not sure of the process that I need apply.

I found this document  

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

TVS impact the ITL file of each phone and I want avoid all problem with ITL file.

So I think use the prepare Cluster for Rollback to pre 8.0 feature. This process is explain in the doc. But I have a question on this process.

I think follow the following step

So I check the feature. All phones reset and the itl file 'll be blank.

I stop the TFTP service for each node.

I regenerate the TVS cert

I restart the TVS service

I Restart the TFTP servers.

The phone 'll get the new ITL file.

So my question is: When I must regenerate the TVS cert? Is it the good step order?

Thanks

Regards

Sébastien

  • Unified Communications Applications
3 REPLIES
VIP Gold

Hi Sébastien,

Hi Sébastien,

If you are regenerating only the TVS certificate, then there is no need to use the prepare Cluster for Rollback to pre 8.0 feature at all.

You can regenerate the TVS cert and restart the required services. That should do. The other processes and precautions are needed in case if any other cert also expires and you need to regenerate TVS along with the other certificates in the system.

Just follow the below:

TVS Trust Verification Service (on respective server) G: Cisco Unified Serviceability > Tools > Control Center - Network Services > (Select Server) > select "Cisco Trust Verification Service" > Restart

HTH

Rajan

Pls rate all useful posts

VIP Gold

Just to add, if you are

Just to add, if you are regenerating TVS certs on all servers, do it one by one as mentioned in the below discussion:

https://supportforums.cisco.com/discussion/12734601/cluster-wide-tvs-regeneration

Also I assume your cluster is non-secure.

Hello Rajan

Hello Rajan

Thanks for your update.

FYI, the cluster is in Mixed mode. I have  2 expired cert. (TVS and callmanager)

It's the publisher.

I think regenerate the callmanager cert and update the CTL file before the TVS.

But I'understood well your link, if the Pub is not in CUCM group and the Call manager service is stopped, the TVS from the pub will not use by the phones. Right?

If yes, it's more easy to stop the call manager service and remove the Pub of CUCM Group.

If no, I 'll regenerate the TVS and restart TVS service.

Thanks

2
Views
0
Helpful
3
Replies
This widget could not be displayed.