cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Certificate Expiration Notification

637
Views
10
Helpful
2
Comments

This article in specific refers to the VeriSign Class 3 Secure Server CA certificate. Many customers are concerned about their systems generating an alert similar to this:

 

local99 0 : 1: XXXXX: Feb 1 2020 14:00:00.105 UTC : %UC_CERT-0-CertExpired: %[Message=Certificate expiration Notification. Certificate name:VeriSign_Class_3_Secure_Server_CA_-_G3.der Unit:tomcat-trust Type:own-cert ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=UCCX]: Certificate has Expired and needs to be changed at the earliest

 

This alert in specific comes from a UCCX server.

VeriSign Class 3 Secure Server CA is a  pre-configured third party Certificate authority that is used for the Call Home feature in CUCM. Since all UC applications (UCCX, CUC, IM&P, Cisco Finesse, CUIC standalone, etc) share the same platform as CUCM, they also have this pre-configured third party certificate.

 

Workaround: To stop this alert on the affected product, log in to Cisco Unified OS Administration > Security > Certificate Management. Then Click on Find,  go to the 'VeriSign_Class_3_Secure_Server_CA_-_G3' and click on Delete.

 

 

 

Note: The same procedure applies in all applications including CUCM. The only exception would be if you are doing it in CUCM and the Call Home feature is enabled, in that case you can follow the steps below to renew the certificate:

 

Information for Smart Call Home Certificates Renewal

 

 

For more information about Call Home configuration check:

 

Configure CUCM Smart Call Home 

Comments
Beginner

I have similar alert for CUCM ver 9.1. I am not using the CUCM call home server feature. In this can I simply delete the expired certificate VeriSign_Class_3_Secure_Server_CA_-_G3? will this impact any system performance?

Cisco Employee

@Ren Stark Yes, as long as you are not signing your CUCM certificates with that authority and not using Call Home you can just remove that certificate.

No, it doesn't impact server performance.

CreatePlease to create content