Showing results for 
Search instead for 
Did you mean: 

CUCM CAP-RTP-001 and CAP-RTP-002


Hello ,

These tow certs CAP-RTP-001 and CAP-RTP-002 are installed the cucm as callmanager-trust and capf-trust , they will be expired in 2023 . How can we get new / valid certs .


52 Replies 52

Good to hear it worked on your test cluster! I also did a full reboot of the publisher and subscribers (one at a time) after deleting the certificate.

I have deleted CAP-RTP-001 certificate from Callmanager-Trust but could not delete it from CAPF-Trust store. Received HTTP Status 404 Error.

I'm able to delete it from CAPF-Trust store as well. Earlier, I have stopped the Certificate Change Notification service as best practice before deleting any certificate. Not sure if that caused the issue. Later on we started back that service and deleted it from CAPF store. Thank you!


Hi guys,

I have CAPF expiring next week, should I be worried about anything? I am planning on deleting these at a later date following a system upgrade. I have both  Cisco CTL Provider and Cisco Certificate Authority Proxy Function services deactivated.




I have updated UC Cluster yesterday and have deleted  CAP-RTP-001 and CAP-RTP-002 from  callmanager-trust and capf-trust . I was running cluster in mixed mode. Till now everything seems to be fine. I have downloaded the certificates from each Phone  and no certificate was signed from CAP-RTP-001 and CAP-RTP-002. With the Following Script , We can check signer of the Certificates instead of checking each Certificate manually. 



for i in *.cer
openssl x509 -noout -issuer -subject -dates -inform der -in $i
echo "----"


I have a single cluster with 15,000 phones.  CAPF is not active and I am not running in Mixed mode.  TAC is telling me that I have to switch to LSC before RTP-001 expires on Monday.  Is this considered to be true?  Will this have any effect on my Gateways and Trunks?  

What will likely happen if I don't switch to LSC and just delete the RTP-001 cert?

I don’t understand why they would want you to switch to LSC as your cluster is not in mixed mode? None of our clusters are in mixed mode and all we did was to delete the certificate. So far we have not seen any impact of this.

Response Signature


HI, I have removed the two CAP-RTP-001 & 002 certs from both the trust stores in two different CUCM clusters.  One cluster was not in mixed mode and the other cluster was in mixed mode yet not using LSC or the secure profiles in the phones ( just mixed mode enabled without secure phones).   

The impact was nothing.  I did restart the recommended services and I also rebooted the full cluster as it had not been rebooted in a very long time.  

TAC could not provide any documents to talk about the two MIC certs and how they would or would not impact the cluster however two different TAC cases both gave me the same recommendation to delete the certs as I was not using secure profiles on the phones. If I was using secure profiles on the phones then I needed to push/install the LSC as standard practice for the phones to register in a secure cluster with secure profiles... yet on those clusters I did not need the secure profiles or LSCs.    

I hope that helps anyone else looking for more details.   Just delete it and cross your figures then restart the services.... 

( this is the same thing I posted in the other forum about this topic... FYI I will complete the same process on a 3rd cluster tonight, the other two clusters have been running fine for a week after removing the certs.) See this forum post ->  Re: CUCM CAP-RTP-001 and CAP-RTP-002

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers