
CUCM 9.1.2 migrate to CUCM 12.5 Exchange Certs

Flo.Matalis
Level 1

Hi Experts,

 

Want to get your opinion:

 

Old: CUCM 9.1.2

New: CUCM 12.5

Non-mixed mode environment

 

We are planning to migrate our CUCM 9.1.2 phones to CUCM 12.5 on a different IP address and hostname environment - backed up/restored and upgraded to a new UCS server.

 

We need to do cert exchange between these 2 servers by following this: https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/215539-procedure-for-bulk-certificate-managemen.html

 

However, our CUCM 9.1.2's certificates are all expired, but phones are currently registered and working fine.

 

Questions:

+ Should it be safe to regenerate CUCM 9.1.2's certificates, and should phones still register after regenerating?

+ Any other things that I should be careful with?

 

Planning to follow this: https://community.cisco.com/t5/ip-telephony-and-phones/regeneration-of-expired-all-certicates-on-communications-manager/td-p/2928284

 

Thank you. 

 

Regards,

Flo

 

 

 

4 Replies

If you are planning to backup/restore and upgrade to a new UCS server, backup/restore can only be done with the same version, and the node IPs should be the same. A different IP address and hostname environment is not going to work.

Use PCD, it's the best choice for your case. Refer to the PCD admin guide to learn more about the possible scenarios.

I would suggest regenerating the certificate prior to migration. Phones work fine if you regenerate the certificate as per the recommended procedure.

 

There is another option to trust the new cluster, Enterprise Parameters > Prepare Cluster for Rollback to pre 8.0 > Set the parameter to True

 

 

 

 

 

 





As @Nithin Eluvathingal suggested, PCD would be your best option for this. I too recommend that you renew the expired certificate. If done following the proper procedure, it should not cause you any difficulties. For this, have a look at this document I wrote a while back: Cisco UC Certificates Renewal Guide





Thanks Nithin and Roger.

 

I am just worried about the ITL file on the phones.

 

1. Do I need to verify the ITL first before doing the regeneration? 

2. Or can I do the "Prepare Cluster for Rollback to pre 8.0" then do the regeneration? Then put it back to "false" after all certificates have been generated.

 

After that, I will do the merging of CUCM 9.1.2 and CUCM 12.5 servers' certificates.

 

If you want, you can make a note of the ITL signature. I normally do that.

For regenerating the certificates, you don't need to set "Prepare Cluster for Rollback to pre 8.0" to true.

Don't regenerate the CallManager and TVS certificates together. If you do so, it breaks the trust and your phones will face issues.

By the way, which certificates do you need to renew?

 

 


