Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

Unity Connection 7.1 Certificates expiration

Unity Connection stand alone install is complaining about certificates expired.  It's throwing the messages shown at the bottom here on the CLI.  I know I can regenerate the the some of these, But some are trust certs, and are copies of the self signed cert on the same box.  My questions here are:

 

1.  Can I just regenerate the certs that have expired?  Do I have to export them and then go through the process of deleing and reimporting the trust certs that reference the ones I'm regenerating using the new certs so that they reference correctly, or does this happen automatically on a single box install?

 

2.  Is this process disruptive?  Does it need to be done in a maintenance window?

 

 

 

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17990: Jun 10 16:00:00.22 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:tomcat Unit:tomcat Type:own-cert Expiration:Mon Jun 17 00:11:03:000 IST 201 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17991: Jun 10 16:00:00.22 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:ipsec Unit:ipsec Type:own-cert Expiration:Mon Jun 17 00:11:08:000 IST 2013  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17992: Jun 10 16:00:00.23 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CallManager Unit:CallManager Type:own-cert Expiration:Tue Jun 18 00:18:21:0 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17993: Jun 10 16:00:00.23 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF Unit:CAPF Type:own-cert Expiration:Tue Jun 18 00:18:22:000 IST 2013 /  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17994: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:myUCxNServer Unit:ipsec-trust Type:trust-cert Expiration:Mon Jun 17 00:11 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17995: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF-04acde93 Unit:CallManager-trust Type:trust-cert Expiration:Tue Jun 18  App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

Message from syslogd@myUCxNServer at Tue Jun 10 21:30:00 2014 ...
myUCxNServer local7 0 : 17996: Jun 10 16:00:00.24 UTC :  %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM  Message:Certificate expiration Notification. Certificate name:CAPF-04acde93 Unit:CAPF-trust Type:trust-cert Expiration:Tue Jun 18 00:18:2 App ID:Cisco Certificate Monitor Cluster ID: Node ID:myUCxNServer

 

 

 

 

4 REPLIES
New Member

Hello,I've the same issue. I

Hello,

I've the same issue.

 

I've regenerated the certificates. In my setup are all self-server certificates.

 

Eventhough on my UCONN cluster this particular certificate: Unit:ipsec-trust Type:trust-cert didn't get updated and still triggers alarms.

 

Also, I don't have an option to regenerate it. Only Delete or Download.

Any hints?

Thanks,

Rui

I'm talking from memory here,

I'm talking from memory here, so double check the documentation.

I believe you DO have the option to add a new certificate.  What is required is that you have to create a new ipsec-trust certificate, and copy in the cert data from the appropriate certificate on the pub or sub that the cert is used with (i.e. a trust cert for ipsec that is ON the pub, but referencing the sub, would get the data from the ipsec cert on the subscriber).  You have to delete the existing one before you can create a new one as I recall, and then I think you'll need to reboot.

Check the documentation, and consider upgrading.  You're on a system that's past EOL.

New Member

Thanks, do you recall if I

Thanks,

 

do you recall if I need to donwload the ipsec certificate and then import it saying it is ipsec-trust?

 

at this point on Pub I have only the ipsec-trust from the Pub.

On the Sub I have both, from Pub and Sub. The Pub is ok, only the Sub is out of dated...

 

thanks in advacne,

It's something like that, but

It's something like that, but GO CHECK THE DOCUMENTATION.  Don't guess on this or you'll bork it up.

663
Views
0
Helpful
4
Replies
CreatePlease to create content