Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
0
Helpful
6
Replies

CUCM Certificates!

Stuart C
Level 1
Level 1

‎06-13-2018 01:42 AM - edited ‎03-17-2019 01:00 PM

Hi, 

 

I have some Tomcat certificates that have expired, self-signed not CA signed.  Everything appears to be working however.  I notice I have EC and RSA types.  The RSA ones have expired, but the EC are still valid.  

Can someone advise why nothing is broken, is it because of the in date EC certificates?

 

Thanks

Labels:
0 Helpful
6 Replies 6

Dennis Mink
VIP Alumni
VIP Alumni

‎06-13-2018 03:02 AM

tomcat certs are used for instance when you pull up the cucm portal, because they are self signed it would pop up an notification saying you cant trust the cert. you can import it and trust it, and no questions asked. even if it expires.  with certs signed by a trusted CA, this is a different matter.

 

this is why nothing has broken.

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Stuart C
Level 1
Level 1
In response to Dennis Mink

‎06-13-2018 04:15 AM

Hi,
So I don’t even need to re-generate them?
Because I have other self-signed certs that have expired too (ipsec, call-manager, TVS, CAPF) So are you saying I don’t need to renew these?
Thanks
0 Helpful

R0g22
Cisco Employee
Cisco Employee
In response to Stuart C

‎06-13-2018 05:59 AM

I don't think that's what Dennis meant. He answered your query as to why nothing broke even with expired certs.
You should regenerate them. Even if you are not using secure voice/secure access, you won't at least get RTMT alerts for this.
Recommended is to have CA signed but does not seem like certificates are a concern for your organisation.

0 Helpful

Stuart C
Level 1
Level 1
In response to R0g22

‎06-13-2018 06:02 AM

I had to regenerate Tomcat as it effected Finesse logins when it expired. However I still have the ones I listed as expired. I will get them all regenerated.
Thanks
0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to Stuart C

‎06-13-2018 06:29 AM

Make sure to review the ITL/SBD and certificate regeneration documentation before doing so, to avoid ITL problems.

HTH

java

if this helps, please rate
0 Helpful

Stuart C
Level 1
Level 1
In response to Jaime Valencia

‎06-13-2018 06:37 AM

Hi Jaime,
Thanks for the advice. Do you have a link to the document?
Also, I have many other self-signed certs that aren’t in date. Why are there not more things broken? For example, IPSEC cert which I thought was used for backups, but backups aren’t affected by this out of date cert?
Thanks
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents