CUCM 7.1.5 Certificates expiring...

RossRoach · ‎06-11-2013

Hi all,

Our CAPF, CallManager, IPsec and tomcat certificates due to expire soon and I would like to know the process to update them. We are running mixed mode using LSCs. I have found information on setting up the CAPF from scratch, but not much to do with updating the current certs.

From what I can gather, the steps should be similar to below...

Backup either the full system, or download/backup the current certs
Regenerate the expiring CAPF, CallManager, ipsec and tomcat certs
Run the CTL client
Restart the CTL, CAPF, CallManager, tomcat, DRS Local and DRS Master services on all nodes (where applicable, depending which certs need to be regenerated)
(Using BAT) Set all phones back to...
- Certificate Operation: install/upgrade
- Authentication Mode: by existing certificate (Precedence to LSC)
- Apply Config, save and reset

Can anyone confirm this? Not having a lab environment to test this with, I am hesitant to do so before being able to confirm!

Much appriciated, Thank you.

RossRoach · ‎06-18-2013

Anyone? Surely someone has come across this scenario before?

RossRoach · ‎07-09-2013

For anyone else who may come across this issue, the steps below were successful for me...

1. Backup either the full system, or download/backup the current certs

2. Regenerate tomcat.pem

3. Restart tomcat service

4. Regenerate ipsec.pem

5. Regenrate callmanager.pem

6. Regenerate capf.pem

7. (if cluster) Follow the above steps on all the other servers starting with Publisher and then on subs

8. Run the CTL client and update CTL

9. Reboot servers, starting with Pub, then Subs

10. (Using BAT) Set all phones back to...

a. Certificate Operation: install/upgrade

b. Authentication Mode: by null string

c. Save, Apply Config and reset

11. (Using BAT) Set Security-Profile on all phones back to Secure Profile. Save, Apply, Reset.