I'm running CUCM 8.6.2 in non-secure mode, and I've been getting certificate expiry RTMT/Syslog alerts. Not a problem, I thougt. Easy. Untl I started looking into it...

Exactly what are all the certificates for ? And which ones have to be done out-of-hours ? The CUCM docs (That I've found, anyway) are pretty vague on this. The funniest bit I found in the docs is where it says: "Uploading a new certificate or certificate trust list (CTL) file can affect your system operations" Be nice a vague, eh, Cisco

The Tomcat certificate is trivial to understand and is pretty much non-service affecting.

Questions include:

- Exactly what does the CallManager certificate protect ? When I was clearing out some old/junk CallManager certificates on my dev system, suddenly all my dev phones rebooted.

- All these darn CAPF certifcates. There is CAPF.pem in CAPF, various ones in CAPF-Trust, and even more in CallManager-trust. The thought of playing with these is making me nervous: I have no desire to brick all my phones. As I said, my clusters are in non-secure mode. (At the minute....)

- When I installed my own private CA certificate in the tomcat-trust store, I found it automagically propogated across all the servers in the cluster.  What else does CUCM do automagically ?

I recall seeing a link to a support communities document on CUCM Certificates, but I can't find it now that I need it

Thanks,

GTG