Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
5
Helpful
3
Replies

CUCM Certificates

Go to solution
George Clark
Level 1
Level 1

‎07-04-2018 06:13 AM - edited ‎03-18-2019 12:28 PM

Need some assistance we have a cluster with 4800 phones 1 Pub, 4 Subs and 2 tftp  servers the only server that is expiring is on the publisher which is the callmanager cert since all our phones are registered to the subscribers none on the publisher, do the phones have to be reset we have 3800 phones ????

Or can i just regenerate the cert on the publisher all callmanager certs are fine on the subs and tftp ....

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Chris Deren
Hall of Fame
Hall of Fame
In response to George Clark

‎07-04-2018 07:14 AM

So, is it about to expire or does not expire until 2021?  In either case certs are replicated across all nodes, and in version 11.5 if you delete it from Pub that cert also gets deleted on Subs.  Since the cert is part of trust store (ITL cert) deleting any of the CallManager certs even if no devices use it will impact those devices, and it's likely you will see the phones reset.

View solution in original post

3 Replies 3

Go to solution
Chris Deren
Hall of Fame
Hall of Fame

‎07-04-2018 06:52 AM

What version is your CUCM as it works different for 11.5+ vs. previous. Does this cert exist on other CUCM nodes?  If so, deleting/regenerating it will reset the phones, in either way do it during maintenance window as the resets are unpredictable (some related bugs exists) and even if you delete expired certs I've seen phones reset.

0 Helpful

Go to solution
George Clark
Level 1
Level 1
In response to Chris Deren

‎07-04-2018 07:08 AM

Thanks, we are version 11.5 the cert is valid on all other servers in the cluster they don't expire till 2021 so I thought since no phones are on the publisher they would not require a reboot we are 7X24 ...

0 Helpful

Go to solution
Chris Deren
Hall of Fame
Hall of Fame
In response to George Clark

‎07-04-2018 07:14 AM

So, is it about to expire or does not expire until 2021?  In either case certs are replicated across all nodes, and in version 11.5 if you delete it from Pub that cert also gets deleted on Subs.  Since the cert is part of trust store (ITL cert) deleting any of the CallManager certs even if no devices use it will impact those devices, and it's likely you will see the phones reset.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents