Showing results for 
Search instead for 
Did you mean: 

CUCM 7.1.5 Certificates expiring...


Hi all,

Our CAPF, CallManager, IPsec and tomcat certificates due to expire soon and I would like to know the process to update them. We are running mixed mode using LSCs. I have found information on setting up the CAPF from scratch, but not much to do with updating the current certs.

From what I can gather, the steps should be similar to below...

  • Backup either the full system, or download/backup the current certs
  • Regenerate the expiring CAPF, CallManager, ipsec and tomcat certs
  • Run the CTL client
  • Restart the CTL, CAPF, CallManager, tomcat, DRS Local and DRS Master services on all nodes (where applicable, depending which certs need to be regenerated)
  • (Using BAT) Set all phones back to...
    • Certificate Operation: install/upgrade
    • Authentication Mode: by existing certificate (Precedence to LSC)
    • Apply Config, save and reset

Can anyone confirm this? Not having a lab environment to test this with, I am hesitant to do so before being able to confirm!

Much appriciated, Thank you.

2 Replies 2


Anyone?  Surely someone has come across this scenario before?

For anyone else who may come across this issue, the steps below were successful for me...

1. Backup either the full system, or download/backup the current certs

2. Regenerate tomcat.pem

3. Restart tomcat service

4. Regenerate ipsec.pem

5. Regenrate callmanager.pem

6. Regenerate capf.pem

7. (if cluster) Follow the above steps on all the other servers starting with Publisher and then on subs

8. Run the CTL client and update CTL

9. Reboot servers, starting with Pub, then Subs

10. (Using BAT) Set all phones back to...

a. Certificate Operation: install/upgrade

b. Authentication Mode: by null string

c. Save, Apply Config and reset

11. (Using BAT) Set Security-Profile on all phones back to Secure Profile.  Save, Apply, Reset.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers