Cisco Community
English
Register
How do YOU and your teams use messaging in Webex? Let us know for a chance to win some Webex swag!
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
6964
Views
25
Helpful
9
Replies
Dennis Mink
Advisor
Advisor
‎09-20-2017 03:13 PM
‎09-20-2017 03:13 PM

Certificate expiration warnings

Does anyone have any bright ideas on how to get proactive alerts prior to certificates expiring. on things like CUCM, CUPS, conductor, VCS etc.

 

so what I am after is for instance an email alert, alerting the sys admins, say, 1 month in advance that a security certificate is about to expire, so a new one can be uploaded in a controlled manner, rather that the cert expiring and breaking TLS on trunks for instance.

 

Please note that these are for certs that are internally signed, so I cant to for instance rapidSSL cert tracking

 

Guaranteed  rating on anyone with a meaningful answer

Please remember to rate useful posts, by clicking on the stars below.

Labels:
1 person had this problem
0 Helpful
9 REPLIES 9
Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee
‎09-20-2017 03:57 PM
‎09-20-2017 03:57 PM

CUCM and other products that share the same blueprint already do that

 

Certificates should be regenerated before they expire. When the certificates are about to expire you will receive warnings in RTMT (Syslog Viewer) and an email with notification will be sent if configured.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

HTH

java

if this helps, please rate
Andrew West
Enthusiast
Enthusiast
In response to Jaime Valencia
‎09-20-2017 06:01 PM
‎09-20-2017 06:01 PM

You can also set up CertMon, I cant remember the exact name right now, but you view it from the same place where you do other cert steps. 

 

If i remember right this allows you to setup a point at which you get an "early warning" on an upcoming expiring date. 

 

Just looked it up...it is called Certificate Monitor and here is how you set it up. 

 

Monitor Certificate Expiration

Use this procedure to configure your system to automatically send you an email message when a certificate is close to its expiration date.

Procedure

Step 1  From Cisco Unified OS Administration, choose Security > Certificate Monitor.
Step 2  In the Notification Start Time, enter a numeric value. This value is the number of days before you receive a notification through email.
Step 3  In the Notification Frequency, enter a numeric value and choose Days or Hours.
Step 4  (Optional)Check Enable E-mail notification, and then enter email addresses in the E-mail IDs field.
Step 5  Click Save.
pqueued
Beginner
Beginner
In response to Andrew West
‎09-20-2017 07:33 PM
‎09-20-2017 07:33 PM

OP this is what you want to do. Caveat being, you also need to configure SMTP in UCM for this to work, but it is the best built-in way to alert on expiring certs.
Philip D'Ath
Advisor
Advisor
‎09-20-2017 06:23 PM
‎09-20-2017 06:23 PM

We use PRTG for monitoring, and it includes an SSL sensor that monitors certificate age.

https://www.paessler.com/prtg

bsbswilson
Beginner
Beginner
In response to Philip D'Ath
‎02-04-2020 02:59 PM
‎02-04-2020 02:59 PM

If you're still watching this thread... can you please tell me what IP/URL you point PRTG to so you can monitor  certs?

 

The certificates presented for the web administration consoles are not the same certificates used for Jabber for example, and I haven't been able to find what IP/port to point a PRTG SSL sensor to so I can monitor the tomcat cert.

0 Helpful
gretchen1983
Beginner
Beginner
In response to bsbswilson
‎05-15-2020 08:32 AM
‎05-15-2020 08:32 AM

wilson,

 

Did you figure it out?  I need a way to list all CUCM cert expiration dates.  I have AXL working, but I don't find a 'get cert list' or anything similar.  I was hoping there was a way with CLI or even SQL.  Too many to do via GUI. 

 

thanks

0 Helpful
Roger Kallberg
VIP Mentor VIP Mentor
VIP Mentor
‎05-15-2020 10:18 AM
‎05-15-2020 10:18 AM

For CVOS systems you can setup notification in OS admin webUI for certificate expiration.



Response Signature


0 Helpful
gretchen1983
Beginner
Beginner
In response to Roger Kallberg
‎05-15-2020 11:27 AM
‎05-15-2020 11:27 AM

I really need a way to put all the certs from my 50 nodes into one big spreadsheet so I can sort by the upcoming expiration dates.  So I was looking for AXL or CLI or even SQL, as I can script that.  I start it, go do something else for 20 minutes, come back and import the list. 

 

I found a way to do it in CLI but it's messy and needs a bunch of tweaking.  If SQL can list them out with exp dates that would be a nice improvement.  Or if AXL could pull a list with dates that would be the easiest.  Hey can AXL run SQL queries?  I think I heard that it can....

 

Any ideas for how to capture this list?

0 Helpful
Roger Kallberg
VIP Mentor VIP Mentor
VIP Mentor
In response to gretchen1983
‎05-15-2020 11:52 AM
‎05-15-2020 11:52 AM

There are two variants of AXL, thick and thin. Doing SQL queries would be thin.



Response Signature


0 Helpful
Latest Contents
Cisco Meeting Server Multiple Certificates and Multiple CA S...
Created by Meddane on 06-28-2022 02:57 PM
0
0
0
0
Certificates are the first step to deploy Cisco Meeting Server, preparing certificate are very important to enable different services. As a VOIP administrator, mastering the concept of certificates is unavoidable Using multiple CA servers, instead of a si... view more
Cisco Meeting Server Clustering and Certificates document
Created by Meddane on 06-24-2022 04:11 PM
0
0
0
0
I just finished to write a comprehensive certificates preparation for Cisco Meeting Server Clustering. Through 60 pages I explained in detail, how to create certificates for database cluster, callbridge cluster, certificate chain for webbridge3, certifica... view more
Route Pattern, Translation Pattern and Transformation Patter...
Created by Meddane on 06-22-2022 10:33 AM
0
0
0
0
Route Pattern, Translation Pattern and Transformation Pattern on Cisco Unified Communication Manager with four use cases.  
Translation Pattern and “Route Next Hop By Calling Party Num...
Created by Meddane on 06-12-2022 03:04 PM
0
0
0
0
Translation Pattern is the most important tool in the Call Routing Process for Cisco Unified Communication manager. Largely used in the Globalized Dial Plan, inter-site and intra-site dialing, and a powerful tool to solve the problem of overlapping direct... view more
How can AI help you to get more out of your CRM?
Created by JitendraB on 06-11-2022 02:21 PM
0
0
0
0
Customer relationship management (CRM) tools are essential for managing relationships, collaborating with your team, and closing deals. The most forward-thinking CRM companies now integrate artificial intelligence (AI) into their software. The combination... view more
Ask a Question
Create
+ Discussion
+ Blog