08-29-2021 05:49 AM - edited 08-29-2021 06:13 AM
Hi Experts,
Want to get your opinion:
Old: CUCM 9.1.2
New: CUCM 12.5
Non-mixed mode environment
We planning to migrate our CUCM 9.1.2 phones to CUCM 12.5 on a different IP address and hostname environment - backup/restored and upgraded to a new UCS server.
We need to do cert exchange between these 2 servers by following this: https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215539-procedure-for-bulk-certificate-managemen.html
However, our CUCM 9.1.2's certificates are all expired, but phones are currently registered and working fine.
Questions:
+ Should be safe regenerating CUCM 9.1.2's certificates and phones should still register after regenerating?
+ Any other things that I should be careful with?
Planning to follow this: https://community.cisco.com/t5/ip-telephony-and-phones/regeneration-of-expired-all-certicates-on-communications-manager/td-p/2928284
Thank you.
Regards,
Flo
08-29-2021 06:37 AM
If you are planning to backup/restored and upgraded to a new UCS server, backup/restore can only be done with same version and node IP's Should be same. Different IP address and hostname environment not going to work.
Use PCD, its the best choice for your case.Refer PCD admins guide to learn more about the possible scenarios.
I will suggest to regenerate the certificate prior migrations. Phones works fine if you regenerate the certificate aper recommended procedure.
There is another option to trust the new cluster, Enterprise Parameters > Prepare Cluster for Rollback to pre 8.0 > Set the parameter to True
08-29-2021 07:35 AM - edited 08-29-2021 07:38 AM
As @Nithin Eluvathingal suggested PCD would be your best option for this. I too recommend that you renew the expired certificate. If done following the proper procedure it should not cause you any difficulties. For this have a look at this document I wrote awhile back. Cisco UC Certificates Renewal Guide
08-29-2021 07:54 AM - edited 08-29-2021 07:58 AM
Thanks Nithin and Roger.
I am just worried about the ITL file on the phones.
1. Do I need to verify the ITL first before doing the regeneration?
2. Or can I do the "Prepare Cluster for Rollback to pre 8.0" then do the regeneration? Then put back to "false" after all certificates had been generated.
After that, I will do the merging of CUCM 9.1.2 and CUCM 12.5 servers' certificates.
08-29-2021 10:40 AM
IF you want you can make a note of the ITL signature.. I normally does that..
For regenerating the certificates you don't need to make "Prepare Cluster for Rollback to pre 8.0" true..
Dont regenerate the callmanger and TVS certificate together.. if you do so it brakes the trust and your phones will face issues..
By the what all certificates you need to renew ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide