cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
9519
Views
15
Helpful
5
Replies
Rohit Khajuria
Beginner

Removing Certificates from CUCM

Hi All

In our environment, one of the Call Manager has some old unused certificates still on the server and its creating the impacts on some services. Now we need to remove these certificates from the server.

We can do it in one way :

CUCM -- OS Administration Page -- Security -- Certificate Management -- Find --  Choose Certificate 

and then we can remove / delete the certificates.

Now, I need to know if there is any other way to remove the certificates.

Regards

Rohit

1 ACCEPTED SOLUTION

Accepted Solutions
Aseem Anand
Cisco Employee

Hi Rohit,

You can also remove certificates from CLI:

Remove Certificates via the CLI

Remove CAPF-trust Certificates

set cert delete CAPF <name of certificate>.pem

Remove CallManager-trust Certificates

set cert delete CallManager <name of certificate>.pem

Remove ipsec-trust Certificates

set cert delete ipsec <name of certificate>.pem

Remove Tomcat-trust Certificates

set cert delete tomcat <name of certificate>.pem

Remove TVS-trust Certificates

set cert delete TVS <name of certificate>.pem

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc13

Aseem

(Please rate if useful)

View solution in original post

5 REPLIES 5
Aseem Anand
Cisco Employee

Hi Rohit,

You can also remove certificates from CLI:

Remove Certificates via the CLI

Remove CAPF-trust Certificates

set cert delete CAPF <name of certificate>.pem

Remove CallManager-trust Certificates

set cert delete CallManager <name of certificate>.pem

Remove ipsec-trust Certificates

set cert delete ipsec <name of certificate>.pem

Remove Tomcat-trust Certificates

set cert delete tomcat <name of certificate>.pem

Remove TVS-trust Certificates

set cert delete TVS <name of certificate>.pem

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc13

Aseem

(Please rate if useful)

View solution in original post

Hi Aseem

Thanks for your help and  letting me know .

Regards

Hello, Aseem

and Cisco Community.

Could you tell, please, may be you have faced the situation when it is impossible to delete cert from Web because of there is no Common Name of certificate (unable to open or to read it)therefore the last chance (before using root) is to delete cert with CLI command,

But list of cert in cli has the same cert with no Common Name and deleting is impossible as well ?

This is CUCM 10.5

Hi Fedor,

 

In your case you have to open SR to TAC and they will help you to delete certificate from root. Unfortunately, there is no another way to do that.

 

Stanislav.

Stop 'Cisco Certificate Change Notification' service on all the CUCM servers. Then delete the tomcat certificate from each servers. Afterwards, start the 'Cisco Certificate Change Notification' service on all the servers.

 

Thanks

Biyas

Content for Community-Ad

Spotlight Awards 2021