CallManager -trust and CAPF-trust will expire

yuexp0929 · ‎02-06-2023

Hello All,

My CUCM version is 12.5.1.15900-66. Both ceritificates of CallManager -trust and CAPF-trust(issued by CAP-RTP-001) will expire. According to Cisco documents, it is NOT possible to regenerate them. I have some questions as follow.

1. What impact on CUCM if the certificates expire? I don't apply security profile on IP Phone.

2. Can I deleted the expired certificates?

2. How to generate new certificates to replace them? I don't want to apply for new ceritificates from thired-party.

Nithin Eluvathingal · ‎02-06-2023

If its call-manger trust and CAPF trust i dont see a challenge deleting them.

You cannot regenerate the Trust certificates.if you sign server certificate using CA, you must upload the root/Intermediate to trust store.

Basically trust store certs are the certs signing server certificates.

Refer the link for more information.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/214231-certificate-regeneration-process-for-cis.html#anc10

I put a cheat sheet on my blog too.

https://defaultgateway.org/2021/07/01/cucm-certificate-regeneration-cheatsheet/

Roger Kallberg · ‎02-06-2023

@yuexp0929 wrote:

1. What impact on CUCM if the certificates expire? I don't apply security profile on IP Phone.

No impact.

@yuexp0929 wrote:

2. Can I deleted the expired certificates?

Yes

@yuexp0929 wrote:

3. How to generate new certificates to replace them? I don't want to apply for new ceritificates from thired-party.

You can't regenerate these.