cucm out of date certificates

johnsnave1
Level 1

Hi, I have a customer that has experienced CUCM DRS backup problems. They are running version 7.1.5. I have attached a show output and a screenshot. It looks like the certificates have expired on the publisher. Could you please confirm that this is likely to cause the backup failure and, if it is, how do I renew the certificates?

Many thanks, John.

2 Accepted Solutions

Deepak Rawat
Cisco Employee

Absolutely yes, it can cause the issue with DRF backup, especially the IPSec certificates. Simply go to CUCM OS Administration page >> Security >> Certificate Management >> Find

Click on the Common Name next to tomcat certificate and then Regenerate

Click on the Common Name next to ipsec and then Regenerate

After this, restart the below services from the CUCM CLI:

utils service restart Cisco Tomcat

utils service restart Cisco DRF Master (will only work on Publisher)

utils service restart Cisco DRF Local

Looking at the screenshot, it seems to fail for the CUCM subscriber, hence do the above process for that node only. If the certificates are expired on the Publisher as well, then do it for that as well (simply open the Tomcat and Ipsec certificate server on the Publisher and check the Expiry Date to be sure about it). Also, do the above process for the tomcat and ipsec certificates respectively and not for tomcat-trust and ipsec-trust.

Regards

Deepak
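
The expiry check and per-node steps from the reply above, as an added example that is not part of the original thread or Cisco's own tooling: it reads a list of certificate expiry dates and returns which nodes need the regenerate-and-restart procedure. The inventory format, node names and dates are constructed for illustration; the restart commands are the ones quoted in the reply.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory (not data from the thread): node, role,
# certificate name, expiry date in OpenSSL's notAfter text format.
INVENTORY = """\
cucm-pub publisher  tomcat       Mar 14 09:00:00 2031 GMT
cucm-pub publisher  ipsec        Mar 14 09:00:00 2031 GMT
cucm-pub publisher  ipsec-trust  Jan 02 09:00:00 2015 GMT
cucm-sub subscriber tomcat       Jan 02 09:00:00 2015 GMT
cucm-sub subscriber ipsec        Jan 02 09:00:00 2015 GMT
"""

OWN_CERTS = ("tomcat", "ipsec")  # the reply excludes tomcat-trust and ipsec-trust


def remediation_plan(inventory, now):
    """Map each node with an expired own certificate to its ordered steps."""
    expired, roles = {}, {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        node, role, name, not_after = line.split(None, 3)
        roles[node] = role
        if name not in OWN_CERTS:
            continue  # trust-store entries are left alone
        if ssl.cert_time_to_seconds(not_after.strip()) <= now.timestamp():
            expired.setdefault(node, set()).add(name)

    plan = {}
    for node, names in expired.items():
        steps = [f"Regenerate {n} certificate" for n in OWN_CERTS if n in names]
        steps.append("utils service restart Cisco Tomcat")
        if roles[node] == "publisher":  # DRF Master restarts only on the Publisher
            steps.append("utils service restart Cisco DRF Master")
        steps.append("utils service restart Cisco DRF Local")
        plan[node] = steps
    return plan


if __name__ == "__main__":
    today = datetime.now(timezone.utc)
    for node, steps in remediation_plan(INVENTORY, today).items():
        print(node)
        for step in steps:
            print("  " + step)
```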

5 Replies

Many thanks Deepak - greatly appreciated!

Many thanks Jaime. Excellent video. You must be the busiest person at Cisco - I hope they pay you well.

Hi Jaime,

How are you doing?

So, I would like to know if you have a video for that specific problem of DRS certificate expired? Regenerated the ipsec and tomcat?

Tks

Daniel Sobrinho