04-19-2013 06:58 AM - edited 03-16-2019 04:54 PM
Hi everyone,
My company is splitting into two separate companies; as a result, we also have to split the Cisco IP Telephony system. Currently we are using CUCM version 8.6.2 with up to 1000 phones; we bought another CUCM so we can split the phones 50/50. The second CUCM is set up; what remains is the final step, rehosting licenses with Cisco TAC and registering 50% of the phones to the new CUCM. My question is the following:
How to delete ITL files on half of the phones so they can be registered on the new CUCM Publisher?
The two CUCMs are online but they are not connected via an intercluster trunk. Both of them are running version 8.6.2.
Thank you,
04-19-2013 07:39 AM
This has been asked many times; you need to manually delete them from the phones. There are some 3rd-party apps that can do this in bulk. I know Cisco TAC has a tool for that as well; you may want to open a case to see if they can provide it to you.
HTH,
Chris
03-03-2016 05:24 PM
Hello,
I will migrate my CUCM from MCS to UCS. I have version 8.6; I will install 8.6 on VMware and after that I will upgrade to 10.X.
My question is: I will use the same IP address as my old cluster; will I have issues with the ITL files?
Regards
Leonardo Santana
03-04-2016 01:41 AM
Hi,
No, this doesn't affect your certificates and hence your ITL files.
04-19-2013 11:43 AM
You don't have to worry about deleting ITL files. You can consolidate certificates between clusters as long as both clusters are online at the same time, so that the phone certs can be trusted by their new cluster. This is another way to go about this.
Note: The Bulk Certificate Export method will only work if both clusters are online with network connectivity while the phones are being migrated.
Another possible option if both the old and new clusters will be online at the same time is to use the Bulk Certificate migration method.
Remember that the IP Phones verify every downloaded file against either the ITL file, or against a TVS server that exists in the ITL file. If the phone needs to move to a new cluster, the ITL file the new cluster presents must be trusted by the old cluster's TVS certificate store.
The Bulk Certificate Export method works in the following way from the OS Administration > Security > Bulk Certificate page:
From this document
https://supportforums.cisco.com/docs/DOC-15799
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
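The trust check described in the post above, as an added example that is not part of the original thread and is not Cisco code. It is a simplified model: the class and function names are hypothetical, and a signer name stands in for real signature verification.

```python
from dataclasses import dataclass, field

@dataclass
class Cluster:
    name: str
    tftp_cert: str                               # identity that signs this cluster's ITL file
    tvs_store: set = field(default_factory=set)  # extra certs this cluster's TVS vouches for
    online: bool = True

    def itl(self):
        # Modelled ITL file: signed by the TFTP cert and listing this cluster's TVS.
        return {"signer": self.tftp_cert, "tvs": self}

    def tvs_trusts(self, cert):
        # An offline TVS cannot answer, so the phone gets no confirmation.
        return self.online and (cert == self.tftp_cert or cert in self.tvs_store)

def consolidate(a, b):
    """Export from both sides, consolidate, import: each TVS learns the peer's TFTP cert."""
    a.tvs_store.add(b.tftp_cert)
    b.tvs_store.add(a.tftp_cert)

class Phone:
    def __init__(self, home):
        self.itl = home.itl()            # ITL installed while registered to the home cluster

    def accept_itl(self, new_itl):
        signer = new_itl["signer"]
        if signer == self.itl["signer"]:
            self.itl = new_itl
            return "verified-by-itl"
        # Unknown signer: ask the TVS listed in the ITL the phone currently holds.
        if self.itl["tvs"].tvs_trusts(signer):
            self.itl = new_itl
            return "verified-by-tvs"
        return "rejected"                # phone keeps its old ITL and will not move

def migrate(consolidated, old_online=True):
    """Move one phone from the old cluster to the new one; return the phone's decision."""
    old = Cluster("old", "old-tftp-cert", online=old_online)   # constructed sample names
    new = Cluster("new", "new-tftp-cert")
    if consolidated:
        consolidate(old, new)
    return Phone(old).accept_itl(new.itl())

if __name__ == "__main__":
    print(migrate(consolidated=False))                    # no bulk import done
    print(migrate(consolidated=True))                     # both clusters online
    print(migrate(consolidated=True, old_online=False))   # old cluster already shut down
```

The third case is the one the note in the post warns about: consolidation alone does not help if the old cluster's TVS is unreachable when the phone is moved.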
04-19-2013 07:23 PM
Great suggestion. I wish I would have seen this a month ago. Had the exact problem and ended up having to manually go to each phone.
Cheers.
08-01-2018 01:55 AM
Hi
I read through all the forums but nothing mentioned whether I need to export the certificate from each server in the cluster separately and then consolidate and import. For example, I have two clusters with 1 PUB and 2 SUBs. Do I need to run the consolidation on the PUB, then do the same for the SUBs? When I run the Bulk Import from the PUB, all I see is the certs of both PUBs. I cannot see the names of the two SUBs.
04-22-2013 03:08 AM
It's all clear except line nr. 3: where can I find the Bulk Certificate import option to import certificates from the central SFTP server? I have only the export option.
Thank you,
04-22-2013 03:30 AM
Valdet, you will need to import the certificates using the certificate management menu:
security>certificate management>upload certificate>TVS
The certificates you want to upload should be uploaded as TVS type. This is where the phones will look when they do not find the correct signature in the CTL or ITL files.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
04-22-2013 03:41 AM
The file that has been exported looks like this: CUCMPUB_tftp.pkcs12
When I try to upload it to the originating cluster it doesn't work: "Error reading the certificate"
Any idea what it could be?
Thank you,
04-22-2013 04:33 AM
Valdet,
Please use this link to learn how to export, consolidate and import the certificates from both clusters. Export only the TFTP certificates. The video exported all, but you only need TFTP. Start the video at 7:46 (time); this is the section that talks about certificates.
http://www.youtube.com/watch?v=WBHwy6-Uebg
NB: the Import option only appears after you have consolidated the certificates.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
04-22-2013 06:37 AM
Nice, it worked.
I can only add one line to the Bulk Certificate Export document:
Export should be done from both sides in order to consolidate the certificates.
Thanks for the help.