Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
5
Helpful
3
Replies

UC certificates expiring, UC functionality

Joe Costello
Level 1
Level 1

‎05-04-2020 10:42 AM

I am on CUCM 10.5.  My certificates will be expiring for my call managers and presence servers.  I did all these certificates initially with a trusted CA, I think Geotrust.  Rarely use Jabber anymore BUT if I let these certificates expire now, will the functionality of the phone system (everything outside of jabber) stop working in any way?  I'm thinking that I might get an error in Jabber connecting to my presence and call manager BUT I don't use Jabber anymore and I just want the phone system itself to function.  Seems like it shouldn't cause an issue because the certificates are mostly just Tomcat certificates for web interface? Thinking to re-architect my whole setup but don't want to buy all the certificates if I don't have to.

 

Thanks in advance

Labels:
0 Helpful
3 Replies 3

Jaime Valencia
Cisco Employee
Cisco Employee

‎05-04-2020 11:45 AM

Short answer is, you should NEVER let your certificates expire and leave them in that state.

If you don't want to use a public CA, you can use either self-signed or private CA.

In either case, you would still need to perform the certificate exchange as required by your configuration to keep the trust between servers.

If you use MRA, you most definitely want a public CA to sign your EXP-E certificate.

 

Jabber documentation explains what certificates are used by Jabber to connect to each server.

HTH

java

if this helps, please rate

Joe Costello
Level 1
Level 1
In response to Jaime Valencia

‎05-04-2020 12:10 PM

Thanks for your response.  I know, the answer is obvious that you shouldn't let the certs expire BUT I was wondering what actually happens when this occurs.  Do the call managers need these certificates to encrypt traffic between themselves?  I was thinking the Tomcat certificates were for web/jabber traffic only and the call managers used self signed certificates to communication between themselves.

 

Thanks

0 Helpful

Roger Kallberg
VIP
VIP
In response to Joe Costello

‎05-04-2020 12:34 PM

As Java wrote it’s not advisable to let any of the certificates expire. If you don’t have a need for public signed certificate, renew it as self-signed or use an internal CA to sign it.



Response Signature


0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents