07-04-2018 06:13 AM - edited 03-18-2019 12:28 PM
Need some assistance we have a cluster with 4800 phones 1 Pub, 4 Subs and 2 tftp servers the only server that is expiring is on the publisher which is the callmanager cert since all our phones are registered to the subscribers none on the publisher, do the phones have to be reset we have 3800 phones ????
Or can i just regenerate the cert on the publisher all callmanager certs are fine on the subs and tftp ....
Solved! Go to Solution.
07-04-2018 07:14 AM
So, is it about to expire or does not expire until 2021? In either case certs are replicated across all nodes, and in version 11.5 if you delete it from Pub that cert also gets deleted on Subs. Since the cert is part of trust store (ITL cert) deleting any of the CallManager certs even if no devices use it will impact those devices, and it's likely you will see the phones reset.
07-04-2018 06:52 AM
What version is your CUCM as it works different for 11.5+ vs. previous. Does this cert exist on other CUCM nodes? If so, deleting/regenerating it will reset the phones, in either way do it during maintenance window as the resets are unpredictable (some related bugs exists) and even if you delete expired certs I've seen phones reset.
07-04-2018 07:08 AM
07-04-2018 07:14 AM
So, is it about to expire or does not expire until 2021? In either case certs are replicated across all nodes, and in version 11.5 if you delete it from Pub that cert also gets deleted on Subs. Since the cert is part of trust store (ITL cert) deleting any of the CallManager certs even if no devices use it will impact those devices, and it's likely you will see the phones reset.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: