Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
139
Views
0
Helpful
2
Replies

Certificates

Translator
Community Manager
Community Manager

‎10-04-2024 04:30 AM

I need to remove the existing certification on a considerable number of devices and then install\upgrade a new one.
Basically on  
1- Certification Authority Proxy Function (CAPF) Information
Certificate Operation -> Delete
Certificate Operation -> Install\Upgrade
      -> by Existing Certificate(precedence to MIC)
 
After this action put on:
2- Device Security Profile -> remove Non-Secure Profile for the required template for the client
hcs.png
 
 
Is it possible to carry out this process on a massive scale?

 

0 Helpful
2 Replies 2

Translator
Community Manager
Community Manager

‎10-09-2024 07:56 AM

I think you can do this using the Bulk Edit feature in CUCM if your client is okay with the phones becoming non-secure for a short time.

Use the Bulk Edit Feature in CUCM to change the Certificate Operation to "Delete" and have the system "Reset" the phones after the change. Since the Device Security Profile is already set to Non-Secure the change should cause the phones to delete their certificates and revert to Non-Secure mode.

Then use the Bulk Edit Feature again to change the Certificate Operation to "Install" and at the same time to change the Device Security Profile to the desired secure profile. Bulk Edit can change more than one setting at a time.

Certainly test this method with one or two phones and, if successful, make the change in larger batches.

I did a webinar for Cisco a couple of years ago on using BAT for general administration and in it I demonstrated how to make bulk changes like this. I am providing a link to the video (which is in English) and the discussion/demonstration of the BAT Bulk Edit Feature begins at 16:45.

Community Live event: CUCM Bulk Administration Tool: Practical Things You Can Use Every Day 

I hope this is helpful. Please let me know if you have questions or need more information.

Maren

I think you can do this by using Bulk Edit feature in CUCM if your customer agrees that the phones will be unsafe for a short period of time.

Use the mass edit feature in CUCM to change the certificate operation to "Delete" and have the system "reboot" phones after the change. Because the device's security profile is already set to Unsafe, the change should cause phones to delete their certificates and return to Unsafe mode.

Then use the mass edit feature again to change the certificate operation to "Install" and at the same time change the device security profile to the desired secure profile. Bulk Edit can change more than one setting at a time.

Certainly test this method with one or two phones and, if successful, make the change in larger batches.

I did a webinar for Cisco a few years ago about using BAT for general administration and in it I demonstrated how to make mass changes like this. I am providing a link to the video and the BAT Bulk Edit feature discussion/demonstration starts at 4:45 p.m.

Community Live Event: CUCM Mass Administration Tool: Practical Things You Can Use Every Day 

I hope that will be useful. Please contact me if you have questions or need more information.

Maren

0 Helpful

Translator
Community Manager
Community Manager
In response to Translator

‎10-09-2024 10:14 AM

@Maren Mahoney  

I had exactly the same doubt regarding whether this action was possible through BULK. I appreciate your detailed response.

I will definitely watch the video as soon as possible, and, if applicable (depending on client approval), I'll explore this solution.

If it’s a go, I’ll certainly follow up with the results here.

Once again, thanks for your help

as regards 

NCosta

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card