This article in specific refers to the VeriSign Class 3 Secure Server CA certificate. Many customers are concerned about their systems generating an alert similar to this:
local99 0 : 1: XXXXX: Feb 1 2020 14:00:00.105 UTC : %UC_CERT-0-CertExpired: %[Message=Certificate expiration Notification. Certificate name:VeriSign_Class_3_Secure_Server_CA_-_G3.der Unit:tomcat-trust Type:own-cert ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=UCCX]: Certificate has Expired and needs to be changed at the earliest
This alert in specific comes from a UCCX server.
VeriSign Class 3 Secure Server CA is a pre-configured third party Certificate authority that is used for the Call Home feature in CUCM. Since all UC applications (UCCX, CUC, IM&P, Cisco Finesse, CUIC standalone, etc) share the same platform as CUCM, they also have this pre-configured third party certificate.
Workaround: To stop this alert on the affected product, log in to Cisco Unified OS Administration > Security > Certificate Management. Then Click on Find, go to the 'VeriSign_Class_3_Secure_Server_CA_-_G3' and click on Delete.
Note: The same procedure applies in all applications including CUCM. The only exception would be if you are doing it in CUCM and the Call Home feature is enabled, in that case you can follow the steps below to renew the certificate:
For more information about Call Home configuration check:
Configure CUCM Smart Call Home
