Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2290
Views
5
Helpful
1
Replies

CUCM | Alarm to indicate that Certificate has Expired or Expires in less than seven days

deepfree1
Level 1
Level 1

‎10-19-2017 02:30 AM - edited ‎03-17-2019 11:25 AM

Hello gents.

 

Need your support information according critical notification i v got.

There is a problem with certificate at my CUCM v 8.6.

Any suggestions how can i resolve it or make a certificate prolongation ?

I was reading manual at the forums but didnt get clearly. 

Any help will be high appreciated.

 

logs:

 

 At Wed Oct 18 18:00:24 ALMT 2017 on node CCM01, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Oct 18 18:00:02 CCM01 local7 2 : 144: CCM01.hb.kz: Oct 18 2017 12:00:02.717 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CCM02.hb.kz.der Unit:tomcat-trust Type:own-cert Expiration:Wed Oct 25 1][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCM01

 TimeStamp : Wed Oct 18 18:00:03  2017 

 

SeverityMatch : Critical

MatchedEvent : Oct 18 18:00:02 CCM01 local7 2 : 145: CCM01.hcb.kz: Oct 18 2017 12:00:02.722 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CCM02.hb.kz.der Unit:ipsec-trust Type:own-cert Expiration:Wed Oct 25 14][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCM01

 TimeStamp : Wed Oct 18 18:00:04 ALMT 2017

 

 

 

 

 At Wed Oct 18 18:01:24 ALMT 2017 on node CCM02, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Oct 18 18:00:51 CCM02 local7 2 : 132: CCM02.hcb.kz: Oct 18 2017 12:00:51.294 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CAPF-c19aefc1.der Unit:CallManager-trust Type:own-cert Expiration:Wed Oct 2][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CCM02]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCM02

 TimeStamp : Wed Oct 18 18:00:51 ALMT 2017

 

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎10-19-2017 04:10 AM

Hi here is a summary of what is happening

This cert:CAPF-c19aefc1.der uploaded to CallManager-trust has expired. You need to verify that the actual CAPF cert has been regenerated. If it has been regenerated, then all you need to do is delete this cert from the trust-store. If it has not, then you need to regenerate it and cucm will be automatically uploaded it to Callmanager-trust store.

 

This cert:CCM02.hb.kz.der uploaded to tomcat-trust will expire on October 25. Again you need to do the same thing as suggested above for this.

 

This cert:CCM02.hb.kz.der uploaded to ipsec-trust will expire on October 25. Again you need to do the same thing as suggested above for this.

 

Before you regenerate certs, please read this document carefully and understand what you need to do

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

Please rate all useful posts
Customers Also Viewed These Support Documents