cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3623
Views
10
Helpful
2
Comments
ricarlovesit
Cisco Employee
Cisco Employee

This article in specific refers to the VeriSign Class 3 Secure Server CA certificate. Many customers are concerned about their systems generating an alert similar to this:

 

local99 0 : 1: XXXXX: Feb 1 2020 14:00:00.105 UTC : %UC_CERT-0-CertExpired: %[Message=Certificate expiration Notification. Certificate name:VeriSign_Class_3_Secure_Server_CA_-_G3.der Unit:tomcat-trust Type:own-cert ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=UCCX]: Certificate has Expired and needs to be changed at the earliest

 

This alert in specific comes from a UCCX server.

VeriSign Class 3 Secure Server CA is a  pre-configured third party Certificate authority that is used for the Call Home feature in CUCM. Since all UC applications (UCCX, CUC, IM&P, Cisco Finesse, CUIC standalone, etc) share the same platform as CUCM, they also have this pre-configured third party certificate.

 

Workaround: To stop this alert on the affected product, log in to Cisco Unified OS Administration > Security > Certificate Management. Then Click on Find,  go to the 'VeriSign_Class_3_Secure_Server_CA_-_G3' and click on Delete.

 

 

 

Note: The same procedure applies in all applications including CUCM. The only exception would be if you are doing it in CUCM and the Call Home feature is enabled, in that case you can follow the steps below to renew the certificate:

 

Information for Smart Call Home Certificates Renewal

 

 

For more information about Call Home configuration check:

 

Configure CUCM Smart Call Home 

Comments
Ren Stark
Level 1
Level 1

I have similar alert for CUCM ver 9.1. I am not using the CUCM call home server feature. In this can I simply delete the expired certificate VeriSign_Class_3_Secure_Server_CA_-_G3? will this impact any system performance?

ricarlovesit
Cisco Employee
Cisco Employee

@Ren Stark Yes, as long as you are not signing your CUCM certificates with that authority and not using Call Home you can just remove that certificate.

No, it doesn't impact server performance.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: