cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
3390
Views
10
Helpful
4
Replies
Highlighted
Explorer

CUCM 10.5 Expired CallManager-trust Certificate

Hi Everyone,

 

I have some expired CallManager-trust and Tomcat-trust certificates, and based on the doc. link below:

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc16 

 

"Only service certificates (certificate stores that are not labeled with "-trust") can be regenerated. Certificates in the trust stores (certificate stores that are labeled with "-trust") need to be deleted, as they cannot be regenerated."

 

So i will need to generate another certificate from third party server and upload its newly generated certificate to cucm as CallManager-trust or Tomcat-trust and delete the old expired certificate (Correct me if I'm wrong on this statement).

 

If I'm correct, I just want to know how can I regenerate the certificate with name CAPF-XXXXXXXX (please see below screenshot) because this certificate was already generated after the installation of CUCM

 

Certificate Expired 2.png

 

Hopefully you can help me with this and very much appreciated your answers Thank you !!!

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Hall of Fame Cisco Employee

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

View solution in original post

Highlighted
Beginner

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.

View solution in original post

4 REPLIES 4
Highlighted
Hall of Fame Cisco Employee

You can use self-signed, which I do not encourage, or you can use CA signed, that's up to you.

You either use the generate self-signed option that shows on the screenshot, or use the generate CSR.

HTH

java

if this helps, please rate

View solution in original post

Highlighted

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

Highlighted

I will generate new CAPF certificates and revert the result. Thank you so much for the reply.

Highlighted
Beginner

To regenerate CAPF certificates, just click on Generate Self-signed certificate, select CAPF certificate and click Generate. Then the Cluster Manager and Cisco Certificate Change Notification will automatically propagate the CAPF certificate to the current node and the rest of the nodes as CallManager-trust and CAPF-trust certificates. Then you will just have to manually delete the old CAPF certificates under the CallManager-trust and CAPF-trust stores.

 

Remember to schedule a maintenance window as recreating CAPF certificates will make your phones and devices to restart.

View solution in original post

Content for Community-Ad