05-07-2020 06:35 AM
Always been a little bit hazey regarding the certificates on Cisco UCM and Unity Connection, probably because once they're in its years before they expire again and don't need to touch them.
However as far as I understand, your main CallManager, IPSEC, Tomcat certificates need to be valid and have associated valid xxx-trust certificates.
However I've just jumped onto a Unity Connection cluster which isn't having any issues, but has expired certificates below of type RSA
ipsec & ipsec-trust
tomcat & tomcat-trust
but then does have a valid tomcat-ECDSA and associated tomcat-trust certs of type EC.
So as long as there is one type of valid EC or RSA certificate for Tomcat then web access and any other tomcat related services like EM on CUCM will operate correctly?
Regarding IPSEC, surely this certificate needs to be renewed? its not currently effecting anything, but I thought this would prevent backups from being successful? yet its was fine doing its daily backup this morning...
Any ideas on the above?
05-29-2020 11:50 AM
I see this question went down a storm :)
05-29-2020 12:49 PM
Have a look at this document that I published recently. https://community.cisco.com/t5/collaboration-voice-and-video/cisco-uc-certificates-renewal-guide/ta-p/4077131
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide