cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3921
Views
5
Helpful
1
Replies

Certificate error on Call Manager 7.1.2

oasislegal
Level 1
Level 1

We recently upgraded from 7.0.1 to 7.1.2. After enabling alerts we started getting this message once an hour. What is the best way to resolve this issue?

At Wed Sep 12 18:00:31 CDT 2012 on node 192.168.101.10, the following SyslogSeverityMatchFound events generated:

SeverityMatch - Emergency : 258: Sep 12 23:00:00.218 UTC :

%CCM_UNKNOWN-CERT-0-CertExpiryEmergency:

Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification.

Certificate name:CAPF Unit:CAPF

Type:own-cert

Expiration:Mon Jul 23 17:14:08:000 CDT 2012 / App ID:Cisco Certificate Monitor

Cluster ID: Node ID:OLFCCM01 SeverityMatch - Emergency :

259: Sep 12 23:00:00.218 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency:

Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification.

Certificate name:CAPF-e300286f

Unit:CallManager-trust Type:trust-cert Expiration:Mon Jul 23

App ID:Cisco Certificate Monitor

Cluster ID: Node ID:OLFCCM01 SeverityMatch - Emergency :

260: Sep 12 23:00:00.219 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification.

Certificate name:CAPF-e300286f Unit:CAPF-trust Type:trust-cert Expiration:Mon Jul 23 17:14:0

App ID:Cisco Certificate Monitor

Cluster ID: Node ID:OLFCCM01

1 Reply 1

Akhil Behl
Level 1
Level 1

Hi,

A few things you can check:

1. If you using CUCM internal or CA signed CAPF certificates.

2. Can you see the CN from capf-trust.pem certificate, does that correspond to the CUCM FQDN?

3. What is the remaining lifetime capf-trust certificate?

If the certificate is about to expire, you can regenrate it from CUCM OS GUI page (if self signed) or have it reissued by the CA (if its signed by external CA). In case of latter, be sure to generate a new CSR.



Akhil Behl
Senior Network Consultant
akbehl@cisco.com

Author of “Securing Cisco IP Telephony Networks”
http://www.ciscopress.com/title/1587142953

Akhil Behl Solutions Architect akbehl@cisco.com Author of “Securing Cisco IP Telephony Networks” http://www.ciscopress.com/title/1587142953
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: