Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2649
Views
14
Helpful
3
Replies

Error on RTMT - Any ideas if its important ?

keanej
Level 3
Level 3

‎04-17-2013 01:56 AM - edited ‎03-16-2019 04:50 PM

At Wed Apr 17 01:00:27 IST 2013 on node 10.9.10.5;

the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical MatchedEvent :

Apr 17 01:00:08  duhacu01 local7 2 : 285: XXXXXXXX.XXXX.XXX:

Apr 17 2013 00:00:08.689 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification.

Certificate name:CAPF-9f0025bb.der Unit:CallManager-trust Type:own-cert Expiration:Wed Mar 2]

[AppID=Cisco Certificate Monitor][ClusterID=][NodeID=duhacu01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days

AppID : Cisco Syslog Agent ClusterID :  NodeID : duhacu01  TimeStamp : Wed Apr 17 01:00:08 IST 2013

At Wed Apr 17 01:00:27 IST 2013 on node 10.9.10.5;

3 people had this problem
Labels:
0 Helpful
3 Replies 3

Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎04-17-2013 03:35 AM

The ccm-trust store defines what certificates the actual CallManager process will accept. This is most commonly used when you are running the cluster in mixed mode. For example, the CAPF certificate is included so that certificates it issues to phones are trusted. The Security Guide states that the platform will auto-add the following things for you:

Cisco Unified Communications Manager imports the following certificate types to the CallManager trust store:
Cisco Unity server or Cisco Unity Connection certificate—Cisco Unity and Cisco Unity Connection use this self-signed root certificate to sign the Cisco Unity SCCP and Cisco Unity Connection SCCP device certificates. For Cisco Unity, the Cisco Unity Telephony Integration Manager (UTIM) manages this certificate. For Cisco Unity Connection, Cisco Unity Connection Administration manages this certificate.
Cisco Unity and Cisco Unity Connection SCCP device certificates—Cisco Unity and Cisco Unity Connection SCCP devices use this signed certificate to establish a TLS connection with Cisco Unified Communications Manager.
The certificate name represents a hash of the certificate subject name, which is based on the voice-mail server name. Every device (or port) gets issued a certificate that is rooted at the root certificate.
SIP Proxy server certificate—A SIP user agent that connects via a SIP trunk authenticates to Cisco Unified Communications Manager if the CallManager trust store contains the SIP user agent certificate and if the SIP user agent contains the Cisco Unified Communications Manager certificate in its trust store.

So, if none of that applies and you're not running in mixed mode you should be able to delete the certificate (to stop the alert) or just ignore it.

Please remember to rate helpful responses and identify helpful or correct answers.

bsmiller1
Level 1
Level 1
In response to Jonathan Schulenberg

‎08-20-2014 12:00 PM

I am getting the same error message...

At Mon Aug 18 19:00:39 CDT 2014 on node 10.20.9.11, the following SyslogSeverityMatchFound events generated: 

SeverityMatch : Critical

MatchedEvent : Aug 18 19:00:14 CCMSubscriber1 local7 2 : 13: CCMSubscriber1.illinoismutual.com: Aug 19 2014 00:00:14.214 UTC :  %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CAPF-6ba147ce.der Unit:CallManager-trust Type:own-cert Expiration:Sun Aug 2][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CCMSubscriber1]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID : 

NodeID : CCMSubscriber1

 TimeStamp : Mon Aug 18 19:00:14 CDT 2014

...

I went into Certificate Management and found the expiring CAPF certificates (four of them) and also found there are four newer CAPF certificates on the system. The expiring certificates appear to be from back when the system was first installed around 2009. I checked with the engineer that installed our last upgrade in Jan of 2013 and he thought the expiring certificates can be safely deleted. What I am wondering is how can I tell if these certificates are still used? Cisco documentation I found on expiring certificates indicates that I should regenerate expiring certificates but none of my CAPF certificates (expiring or the newer ones) show a regenerate button - I can only save or delete these particular certificates. If these certificates are still referenced somewhere in the system and I save them off and then delete them off the system, uploading them back onto the server if there is a problem may create another issue if I don't know where the certificates were referenced previously. I'm not sure what to do at this point as yes the system identified the expiring certificates but I have no idea if this is a problem or not and/or how to fix it if it is.

 

0 Helpful

wenqianyu
Level 3
Level 3
In response to bsmiller1

‎01-07-2015 05:00 PM

I have the same problem in our CUCM 912 cluster. Have you deleted your expired certificates? Do you need to reboot phones after delete certificates?

 

Thanks,

 

Wenqian

0 Helpful
Customers Also Viewed These Support Documents