Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8190
Views
10
Helpful
4
Replies

CUCM 10.5 Expired CallManager-trust Certificate

Go to solution
ccg-collab1
Level 2
Level 2

‎02-19-2019 05:21 AM

Hi Everyone,

 

I have some expired CallManager-trust and Tomcat-trust certificates, and based on the doc. link below:

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc16 

 

"Only service certificates (certificate stores that are not labeled with "-trust") can be regenerated. Certificates in the trust stores (certificate stores that are labeled with "-trust") need to be deleted, as they cannot be regenerated."

 

So i will need to generate another certificate from third party server and upload its newly generated certificate to cucm as CallManager-trust or Tomcat-trust and delete the old expired certificate (Correct me if I'm wrong on this statement).

 

If I'm correct, I just want to know how can I regenerate the certificate with name CAPF-XXXXXXXX (please see below screenshot) because this certificate was already generated after the installation of CUCM

 

Certificate Expired 2.png

 

Hopefully you can help me with this and very much appreciated your answers Thank you !!!

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎02-19-2019 06:55 AM

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

View solution in original post

Go to solution
Rodrigo Garcia
Level 1
Level 1

‎02-19-2019 07:14 AM

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.

View solution in original post

4 Replies 4

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee

‎02-19-2019 06:55 AM

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

Go to solution
ccg-collab1
Level 2
Level 2
In response to Jaime Valencia

‎02-21-2019 05:51 PM

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

0 Helpful

Go to solution
ccg-collab1
Level 2
Level 2
In response to ccg-collab1

‎02-21-2019 05:51 PM

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

0 Helpful

Go to solution
Rodrigo Garcia
Level 1
Level 1

‎02-19-2019 07:14 AM

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.

Customers Also Viewed These Support Documents