Tomcat and Call Manager certificate

PriyaMK930726 · ‎08-19-2019

Hi,

I could see my call manager is having tomcat, tomcat-trust and Call Manager certificate as CA Signed and they are going to expire. To renew the same, i have to regenerate the certificates and have to give the same to CA to be signed and they will provide us the root and intermediate certificates to upload it into the server.

Can someone tell me what will be the impact if i not renew the tomcat and Call manager certificates?

What will be the extension for root and intermediate certificates given by CA? is that .csr or .pem or something else

Anthony Holloway · ‎08-19-2019

The CA will not give you a CSR, that is actually created by CUCM, and you give the CSR to the CA. The CA will then give you a certificate file back in the format you ask. E.g., .pem or .der (CUCM supports either).

If your tomcat cert expires you may notice a few different experiences, all depends on what features you're using, and whether or not you're asking about admin facing or user facing impacts. E.g., If users are used to accessing the Self Care portal, then they will start to see a browser warning there. If you are doing CUC PIN sync, then your CUCM to CUC AXL connection will be impacted. Etc.

If your CallManager certificate expires, in most cases, nothing bad will happen; as I've had many systems brought to my attention post-expiration, but fully functional, and we just regenerate them.

It seems like you're new to certificate work, and I'd encourage you to read the following article:
https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

Take a backup before you do any work, and reset your phones after each CM cert change! Good luck!

Dennis Mink · ‎08-19-2019

Do this after hours cos you willneed stop start the tomcat service

Please remember to rate useful posts, by clicking on the stars below.