cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays

regenerate the certificate, will IPT try to upgrade??

253
Views
5
Helpful
6
Comments
Participant

We have seen some IPTs fail to register with CUCM after regenerating self-singed certificates in CUCM.

If you regenerate the certificate, will IPT try to upgrade??

6 Comments
VIP Advocate

Go to the document part of this forum and search for a document that I’ve made about certificates and renewal of them in Cisco UC systems.

VIP Advocate
Participant

I witnessed the phone unregistering in CM for a while after regenerating the certificate.

Re-registering within 20 seconds.

 

인증서1.jpg인증서2.jpg

VIP Advocate

The fact that your phone says "Defaulting to TFTP server" indicates that there is a problem in the registration sequence. Have a look at this post to better understand the boot up sequence. https://community.cisco.com/t5/collaboration-voice-and-video/ip-phone-registration-issues/ta-p/3136426

Participant

When to Regenerate Certificates?

Most of the certificates used in CUCM after a fresh installation are self-signed certificates issued, by default, for five years. Note that the five-year time range currently cannot be modified to be a shorter range of time on CUCM. However, a Certificate Authority (CA) can issue certificates for nearly any range of time.

There are also some trusted certificates (such as CAPF-trust and CallManager-trust) that are preloaded and have a longer validity period. For example, the Manufacturing CA certificate is provided on CUCM trust stores to specific features and does not expire until the year 2029.

Participant
 
 

certregen.JPG

Content for Community-Ad
This widget could not be displayed.