09-21-2022 12:04 AM
I wonder what kind of problem will occur if I don't renew the certificate of PCCE solution.
Is there a function that doesn't work if I don't renew the certificate of the PCCE?
Solved! Go to Solution.
09-22-2022 10:50 AM
Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.
Cisco UC Certificates Renewal Guide
There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.
09-22-2022 11:12 AM
Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI.
09-21-2022 04:29 AM
You'll have to be more specific I think for people to offer any suggestions. Which version of PCCE and which certificate(s) are you letting expire, on which devices?
09-21-2022 05:18 PM
Sorry
PCCE ver 12.6
What are the issues with the running PCCE when the certificate between AWS and Roger, PG, CUCM, and Fineese expires?
09-21-2022 10:05 PM
Not being very proficient in PCCE, but in general it is a bad idea to let certificates expire. As a rule of thumb you should always keep all of your certificates valid at all times.
09-22-2022 08:02 AM
I agree with your think,
Because it feels like the payment date
I am just curious because I have never renewed the PCCE solution certificate.
09-22-2022 04:52 AM
It could be many things. Admins may have issues logging into the SPOG. Supervisors may have issues logging into CCEAdmin for reskilling. Agents may have issues with Finesse.
I guess the better question is, to @Roger Kallberg 's point, what are you trying to do/why are you letting them expire? Is this for testing? You should be able to work with your Cisco partner to generate new requests and have these updated.
09-22-2022 08:06 AM
My company bosses don't know either. I'm asking a question because everyone is curious
+ Because if the customer asks, I have to give an accurate answer as an engineer.
09-22-2022 10:50 AM
Actually @Roger Kallberg wrote an article on here about renewing the UC Certificates.
Cisco UC Certificates Renewal Guide
There are SEVERAL certificates that have to be renewed, but I think you only need to buy ONE or two perhaps - we use a wildcard certificate where we can use it for several different purposes. Some certificates just have to be self-signed, and need no purchases.
09-22-2022 11:12 AM
Thank you @rikardkrvaric for posting the link to the document. It does not per see cover UCCE/PCCE, but it does have information for many other UC systems. From my experience the only certificate that needs to be signed by a public CA is the one on the Expressway E(s), the other that are signed can be signed by an internal CA. As mentioned many of the certificates are not signed by a CA, but self signed and that works perfectly fine. All this said as I wrote earlier all certificates should at all times be kept valid, that’s an integral part of the circle of trust in PKI.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: