cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8191
Views
10
Helpful
4
Replies

CUCM 10.5 Expired CallManager-trust Certificate

ccg-collab1
Level 2
Level 2

Hi Everyone,

 

I have some expired CallManager-trust and Tomcat-trust certificates, and based on the doc. link below:

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc16 

 

"Only service certificates (certificate stores that are not labeled with "-trust") can be regenerated. Certificates in the trust stores (certificate stores that are labeled with "-trust") need to be deleted, as they cannot be regenerated."

 

So i will need to generate another certificate from third party server and upload its newly generated certificate to cucm as CallManager-trust or Tomcat-trust and delete the old expired certificate (Correct me if I'm wrong on this statement).

 

If I'm correct, I just want to know how can I regenerate the certificate with name CAPF-XXXXXXXX (please see below screenshot) because this certificate was already generated after the installation of CUCM

 

Certificate Expired 2.png

 

Hopefully you can help me with this and very much appreciated your answers Thank you !!!

2 Accepted Solutions

Accepted Solutions

Jaime Valencia
Cisco Employee
Cisco Employee

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

View solution in original post

Rodrigo Garcia
Level 1
Level 1

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.

View solution in original post

4 Replies 4

Jaime Valencia
Cisco Employee
Cisco Employee

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

Rodrigo Garcia
Level 1
Level 1

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.