01-12-2023 02:05 AM
Dears,
I was looking in my cucm Certificates and I found that the tomcat.pem certificate is expired
Validity From: Tue Apr 18 15:19:19 AST 2017
To: Sun Apr 17 15:19:18 AST 2022
and according to the documentation the
Tomcat.pem
the above problem should occur if the certificate does expire but the as I noticed the phones working perfectly and corporate directory work as should.
explanation about this?
01-12-2023 03:23 AM
Probably because the phones use http and not https.
You wrote it yourself: Phones are not able to access HTTPs services hosted on the CUCM node, such as Corporate Directory
01-12-2023 04:56 PM
A few additional things that can go wrong with expired certificates. These may not apply to your setup, as it's taken so long to detect the issue.
- Your browser will complain at you every time you connect to the admin screen.
- Jabber and Webex phone users will get certificate error messages.
- Expressway integration for MRA can break
- LDAP integration may break if you use encrypted port
If you are using encryption anywhere in your telephony environment, you should go ahead and replace the certs - as a best practice before they expire, but as they are already expired you should still replace them now that you've discovered it.
01-12-2023 10:12 PM
You should always make sure that your certificates are valid. Please follow this document for how to renew them. Cisco UC Certificates Renewal Guide
Also setup the certificate monitor in your system so that you’ll get notifications on soon to expire certificate(s).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide