Hello,
I am seeking your assistance to determine if phone restart process across the entire cluster is required after certificate renewal; in this particular case its for tomcat and callmanager certs. However, based on my lab work due to two CUCM entries for the phones [1 pub and 1 sub, Call manager service is running on both]- phones received the proper ITL file and certificates were renewed successfully with no outage (phones didn't reset) following recommended procedures [based on cisco documentation, forum cases and TAC recommendations].
According to cisco documentation,
"8.Reboot all Phones
- Cisco Unified CM Administration > System > Enterprise Parameters
- Select Reset then you will see a pop-up with the statement You are about to reset all devices in the system. This action cannot be undone. Continue?,select OK and then select Reset"
https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/214231-certificate-regeneration-process-for-cis.html#anc8
Another reference from Jason Burns.
"Newer versions of CUCM will handle this phone reset automatically and warn the user at certificate regeneration time."
https://community.cisco.com/t5/collaboration-voice-and-video/communications-manager-security-by-default-and-itl-operation-and/ta-p/3129362#toc-hId-2052532520
Please note the lab work was based on self-signed cert and upcoming production work is using CA signed cert.
Thanks.
Austin