cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

7488
Views
15
Helpful
5
Replies
Highlighted
Beginner

Removing Certificates from CUCM

Hi All

In our environment, one of the Call Manager has some old unused certificates still on the server and its creating the impacts on some services. Now we need to remove these certificates from the server.

We can do it in one way :

CUCM -- OS Administration Page -- Security -- Certificate Management -- Find --  Choose Certificate 

and then we can remove / delete the certificates.

Now, I need to know if there is any other way to remove the certificates.

Regards

Rohit

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Hi Rohit,

Hi Rohit,

You can also remove certificates from CLI:

Remove Certificates via the CLI

Remove CAPF-trust Certificates

set cert delete CAPF <name of certificate>.pem

Remove CallManager-trust Certificates

set cert delete CallManager <name of certificate>.pem

Remove ipsec-trust Certificates

set cert delete ipsec <name of certificate>.pem

Remove Tomcat-trust Certificates

set cert delete tomcat <name of certificate>.pem

Remove TVS-trust Certificates

set cert delete TVS <name of certificate>.pem

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc13

Aseem

(Please rate if useful)

View solution in original post

5 REPLIES 5
Highlighted
Cisco Employee

Hi Rohit,

Hi Rohit,

You can also remove certificates from CLI:

Remove Certificates via the CLI

Remove CAPF-trust Certificates

set cert delete CAPF <name of certificate>.pem

Remove CallManager-trust Certificates

set cert delete CallManager <name of certificate>.pem

Remove ipsec-trust Certificates

set cert delete ipsec <name of certificate>.pem

Remove Tomcat-trust Certificates

set cert delete tomcat <name of certificate>.pem

Remove TVS-trust Certificates

set cert delete TVS <name of certificate>.pem

http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc13

Aseem

(Please rate if useful)

View solution in original post

Highlighted
Beginner

Hi Aseem

Hi Aseem

Thanks for your help and  letting me know .

Regards

Highlighted
Beginner

Hello, Aseem

Hello, Aseem

and Cisco Community.

Could you tell, please, may be you have faced the situation when it is impossible to delete cert from Web because of there is no Common Name of certificate (unable to open or to read it)therefore the last chance (before using root) is to delete cert with CLI command,

But list of cert in cli has the same cert with no Common Name and deleting is impossible as well ?

This is CUCM 10.5

Highlighted
Cisco Employee

Re: Hello, Aseem

Hi Fedor,

 

In your case you have to open SR to TAC and they will help you to delete certificate from root. Unfortunately, there is no another way to do that.

 

Stanislav.

Highlighted
Beginner

Re: Hi Rohit,

Stop 'Cisco Certificate Change Notification' service on all the CUCM servers. Then delete the tomcat certificate from each servers. Afterwards, start the 'Cisco Certificate Change Notification' service on all the servers.

 

Thanks

Biyas