https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162845#M44196 <P>Simple answer is that you should <STRONG>NEVER</STRONG> let your system work with expired certificates.</P> <P>If you don't want to pay for CA certs, or don't want to get internal CA certs, you can just use self-signed certificates.</P> <P>&nbsp;</P> <P>As to your questions to the call flows and tomcat, <STRONG>strongly</STRONG> suggest you review the documentation related to the usage of each certificate to understand when they're used.</P> Wed, 07 Oct 2020 14:18:28 GMT Jaime Valencia 2020-10-07T14:18:28Z https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162787#M44192 <P>Hi All,</P><P>&nbsp;</P><P>I am currently working on a cluster where Tomcat certificates are going to be expired in the coming week, and I am seeking help with the below query's:</P><P>&nbsp;</P><P>We are not using Jabber/Extension Mobility, do I still need to renew the certs between CUCM/CUC nodes?</P><P>CUCM_A----SIP----CUC_A (Tomcats will be expired) Do I need to renew for this scenario?</P><P>CUCMCluster_A----SIP----CUCMCluster_B (Tomcats will be expired) Do I need to renew for this scenario?</P><P>&nbsp;</P><P>CUC/CUCM 10.5</P><P>&nbsp;</P><P>Thanks</P> Wed, 07 Oct 2020 13:18:04 GMT https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162787#M44192 VishalGupta8467 2020-10-07T13:18:04Z https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162801#M44193 <P>U should renew the certificates.&nbsp;</P><P>&nbsp;</P><P>if self signed &nbsp;certificate you can regenerate the certificate from CUCM.&nbsp;</P><P>if CA signed get it signed from CA using the CSR.</P> Wed, 07 Oct 2020 13:31:28 GMT https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162801#M44193 Nithin Eluvathingal 2020-10-07T13:31:28Z https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162845#M44196 <P>Simple answer is that you should <STRONG>NEVER</STRONG> let your system work with expired certificates.</P> <P>If you don't want to pay for CA certs, or don't want to get internal CA certs, you can just use self-signed certificates.</P> <P>&nbsp;</P> <P>As to your questions to the call flows and tomcat, <STRONG>strongly</STRONG> suggest you review the documentation related to the usage of each certificate to understand when they're used.</P> Wed, 07 Oct 2020 14:18:28 GMT https://community.cisco.com/t5/collaboration-applications/ca-signed-tomcat-expired-need-advice-on-renewal/m-p/4162845#M44196 Jaime Valencia 2020-10-07T14:18:28Z