06-11-2019 05:30 AM
Hello,
There are several expired certificates in the current production Call Manager and Unity Connection nodes.
The active certificates exist, but I need to clean up these expired certificates since I keep getting RTMT alerts for this.
Moreover, I have a plan to migrate this current CUCM from a physical to a virtual server.
Should these expired certificates be deleted before migration?
Will doing the migration without deleting the expired certificates cause any issues?
Can I simply delete the expired certificates? Should I look into any dependency for these certificates?
Please reply with your valuable suggestion.
06-11-2019 05:53 AM
06-11-2019 07:08 AM
Which certificate?
Service certificate?
Or x-trust certificates?
06-11-2019 07:27 AM
I have regenerated all the service certs (CUCM, Tomcat, TVS, etc.); they are all valid now.
But I do have some expired x-trust certs. I gave up on deleting the expired certs because I am not sure whether deleting them will lead to some issues.
How do I verify the trust cert for each node?
The cluster has 6 nodes (1 pub, 4 sub & 1 TFTP), so should each node have 5 (x-trust) trust certs for the other nodes?
Can I simply delete the expired x-trust certificates?
06-11-2019 08:21 AM
Hi,
First, identify which certificates are expired or no longer required for your system. CUCM base certificates cannot be deleted (i.e. CallManager, IPSEC, Tomcat, CAPF, TVS), but any trust certificate can be deleted.
As per the attached document, please follow the section Deleting Expired Trust Certificates. I had a similar issue in the past and I received this document from Cisco TAC.
06-12-2019 03:54 AM
Thanks for the details.
Is it mandatory to restart the CUCM services after deleting expired certificates?
Is it mandatory to clean up the expired CUCM certificate before starting the migration process?
06-12-2019 04:06 AM - edited 06-12-2019 05:22 AM
Is it mandatory to restart the CUCM services after deleting expired certificates?
Yes, it is mandatory to restart CUCM services.
Is it mandatory to clean up the expired CUCM certificate before starting the migration process?
It is best practice to clean up the expired CUCM certificates before doing any upgrade or migration.