Deleting security / trust certificates. They keep coming back

b1pilot101 · ‎06-05-2014

Hello Everyone,

I have an issue where I have some certs that were installed in the cluster (IPsec-trust, TVS-trust, Tomcat-trust, i.e.) When I delete these off the pub and the subs, they keep coming back. I have turned off replication and TVS services, but as soon as I delete these certs they come back. Is there something such as a service that I should be shutting down that I am not??

Can anyone tell me what I am doing wrong? I can't figure this out to save my life.

Thanks in advance for any help!!

Regards!

Bob

bernhardczapp · ‎06-06-2014

The eg tomcat certificates of the other nodes in the cluster are automatically imported as tomcat-trust and similar.

You could check the serial numbers to check if this is the case.

Chris Deren · ‎06-06-2014

These are most likely self signed certs which are required if you don't upload CA signed certs. You can look at the certs to validate who signed them.

Chris

b1pilot101 · ‎08-14-2014

I found the correct services that need to be turned off to be able to delete certs and not have them automatically be replicated from the cluster. The services are as follows:

Stop the Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification services on all of the servers in the cluster

Refer to this Cisco document...

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/117299-problemsolution-product-00.html