05-04-2021 12:14 PM
I am preparing to apply a new CA-signed cert on my primary Call Manager that is in mixed mode.
I'm trying to determine what services actually have to be restarted as part of this process. There is no doubt i'll have to restart Call Manager, CTI and TFTP services everywhere they are running but I am finding mixed reviews on if I have to restart the TVS service as well.
my confusion comes from this line in the security by default white page: "If more than one TVS server exists (more than one server in the CallManager Group), the additional servers can authenticate the new CallManager.pem certificate. "
All of my CallManager Groups have 2 servers and each server is running TVS with the above line I would not think i have to restart TVS. Can anyone confirm if TVS needs to be restarted that has done this process before?
05-04-2021 01:18 PM
Have a look at this document that I wrote on the topic of certificates in UC systems. Cisco UC Certificates Renewal Guide
05-04-2021 01:31 PM
Thanks for the reply! that's a good document you've put together.That's pretty much word for word what this white page says about the CM cert and service restarts that should be done.
In my additional research before my maintenance window I found the security by default white page (in the section about regenerating certs) which implies to me that a TVS restart isn't required when you have TVS running on all your subs and all your CMGs have multiple subs.
I guess I won't get out of having to restart that service and just take the phone restart that comes with it. Thanks again for the reply!
05-04-2021 10:30 PM
The upload process in OS Administration should list the needed services to restart for each certificate type in the upload completed message you get.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide