11-14-2018 07:17 AM
Hi,
Customer is trying to figure out a way to create a report of the MIC certificates in their Cisco IP Phones and their date of expiration to plan for the implementation of LSC.
Since we can use the "Days to Expiry" attribute in an AuthZ policy and it provides the quantity of days to expiry, it means that the expiration date is extracted and logged somewhere I guess. In which log can I find this information?
Thanks
Solved! Go to Solution.
11-14-2018 07:39 AM
12-06-2018 07:06 AM
Not that easy the CUCM is managed by a 3rd party which makes it challenging to deploy LSCs in the short term
11-14-2018 07:39 AM
11-15-2018 12:55 PM
100% clear thank you sir!
08-17-2020 09:36 AM
One alternative in this case, would be to write a duplicate policy for authenticating your phones on top of the existing policy but name this policy something like 'Phone-Auth-expires-less-than-100' and add the expire attribute as something that must be matched. You can then easily report on the devices that match this policy instead of your already existing policy.
11-16-2018 10:57 AM
I imagine ISE calculates the expiry date by deducting the expiration date of the cert from the current date. All X.509 certs have validity attributes.
BTW why wait for the MICs to expire? Why risk having phones not register some day in the future when you can just install your LSCs during a maintenance window?
12-06-2018 07:06 AM
Not that easy the CUCM is managed by a 3rd party which makes it challenging to deploy LSCs in the short term
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide