
Regeneration of all expired certificates on Communications Manager

Ali Amir
Level 1

Hello everyone,

I'm currently working on regenerating all Call Manager certificates (tomcat, CallManager, TVS, CAPF). On both the publisher and the subscriber, all of these certificates have expired, but all phones are registered and functional.

CUCM version is 8.5.1 and Non-Secure.

 

I've already checked the following articles:

CUCM Certificate Regeneration/Renewal Process

Cisco Unified Communications Manager Security Guide, Release 8.0(2)

CallManager Certificate Expiration and Deletion

How to regenerate self-signed certificates on CUCM, IM&P and CUC

I understand that I cannot regenerate some of the certificates together.

What order of certificate regeneration and service restarts should be followed?

15 Replies

Regeneration was successful using the cluster rollback feature. To be safe I performed the regen on Primary and Secondary TFTP and reset phones between CallManager.pem and TVS.pem regen just to be safe, but probably wasn't necessary because the ITL list was never populated until after the rollback was turned off.

If you check the phone trust list before turning on rollback, you'll note the current trusted servers; after rollback is enabled, you'll note that the list is blank (during the entire process, even after phones reset). This is how you know it's working.

CUCM Certificate Regeneration/Renewal Process:
https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html