Solved: Re: I have a question about renewing the certificate !!

SeungHyeon IM · ‎09-21-2022

I wonder what kind of problem will occur if I don't renew the certificate of PCCE solution.

Is there a function that doesn't work if I don't renew the certificate of the PCCE?

rikardkrvaric · ‎09-22-2022

Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.

There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.

View solution in original post

Roger Kallberg · ‎09-22-2022

Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI.

View solution in original post

bill.king1 · ‎09-21-2022

You'll have to be more specific I think for people to offer any suggestions. Which version of PCCE and which certificate(s) are you letting expire, on which devices?

SeungHyeon IM · ‎09-21-2022

Sorry

PCCE ver 12.6

What are the issues with the running PCCE when the certificate between AWS and Roger, PG, CUCM, and Fineese expires?

Roger Kallberg · ‎09-21-2022

Not being very proficient in PCCE, but in general it is a bad idea to let certificates expire. As a rule of thumb you should always keep all of your certificates valid at all times.

SeungHyeon IM · ‎09-22-2022

I agree with your think,

Because it feels like the payment date

I am just curious because I have never renewed the PCCE solution certificate.

bill.king1 · ‎09-22-2022

It could be many things. Admins may have issues logging into the SPOG. Supervisors may have issues logging into CCEAdmin for reskilling. Agents may have issues with Finesse.
I guess the better question is, to @Roger Kallberg 's point, what are you trying to do/why are you letting them expire? Is this for testing? You should be able to work with your Cisco partner to generate new requests and have these updated.

SeungHyeon IM · ‎09-22-2022

My company bosses don't know either. I'm asking a question because everyone is curious

+ Because if the customer asks, I have to give an accurate answer as an engineer.

rikardkrvaric · ‎09-22-2022

Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.

Cisco UC Certificates Renewal Guide

There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.

Roger Kallberg · ‎09-22-2022

Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI.