cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
8
Replies

I have a question about renewing the certificate !!

SeungHyeon IM
Beginner
Beginner

I wonder what kind of problem will occur if I don't renew the certificate of PCCE solution.

Is there a function that doesn't work if I don't renew the certificate of the PCCE?

 

2 Accepted Solutions

Accepted Solutions

Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.

Cisco UC Certificates Renewal Guide 

There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.

 

View solution in original post

Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI. 



Response Signature


View solution in original post

8 Replies 8

bill.king1
VIP Advocate VIP Advocate
VIP Advocate

You'll have to be more specific I think for people to offer any suggestions. Which version of PCCE and which certificate(s) are you letting expire, on which devices?

Sorry  

PCCE ver 12.6

What are the issues with the running PCCE when the certificate between AWS and Roger, PG, CUCM, and Fineese expires?

Not being very proficient in PCCE, but in general it is a bad idea to let certificates expire. As a rule of thumb you should always keep all of your certificates valid at all times.



Response Signature


I agree with your think, 

Because it feels like the payment date  

I am just curious because I have never renewed the PCCE solution certificate.

It could be many things. Admins may have issues logging into the SPOG. Supervisors may have issues logging into CCEAdmin for reskilling. Agents may have issues with Finesse.
I guess the better question is, to @Roger Kallberg 's point, what are you trying to do/why are you letting them expire? Is this for testing? You should be able to work with your Cisco partner to generate new requests and have these updated.

My company bosses don't know either. I'm asking a question because everyone is curious  

+ Because if the customer asks, I have to give an accurate answer as an engineer.

Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.

Cisco UC Certificates Renewal Guide 

There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.

 

Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI. 



Response Signature


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: