CUC Certificates

RL5901
Level 1

I have a HA CUC cluster. I recently noticed that our certificates on the cluster have already expired. I have not observed any adverse effects of the expired certificates.

These certificates are:

  • On the Primary ...
    • ipsec - Primary is common name
    • ipsec-trust - Primary is common name
    • tomcat - Primary is common name
    • tomcat-trust 
      • One for the Primary,
      • One for the Secondary, 
      • One for the "Call Home Server Certificate" signed by Verisign
  • On the Secondary ...
    • ipsec - Secondary is common name
    • ipsec-trust - Secondary is common name
    • tomcat - Secondary is common name
    • tomcat-trust
      • One for the Secondary
      • One for the Primary
      • One for the "Call Home Server Certificate" signed by Verisign

My questions are,

  1. Do I need to renew these expired certificates?
  2. What are the consequences of not renewing these certificates?
  3. If it is advisable to renew the certificates then what is the recommended procedure for doing so?

The recommendation is to always renew and keep all of your certificates valid. Please have a look at this document for the procedure for this. Cisco UC Certificates Renewal Guide 



The odd thing is, DRF is continuing to back up CUC with no errors (with an expired ipsec.pem certificate). I didn't expect to find that.

It’s likely because you have not restarted the service that uses that certificate. It keeps the certificate in memory and does not reload it until the next restart.


My questions are,

  1. Do I need to renew these expired certificates? Rule of thumb: renew the certificates that have expired or are going to expire.
  2. If it is advisable to renew the certificates then what is the recommended procedure for doing so? Refer to the link @Roger Kallberg shared.

Two days back I faced an issue with the DRF backup due to an expired certificate. If you didn't face any issues, that doesn't mean it's not required. Proactive is better than reactive.


Then I'll get this in front of our CCB to approve doing this ASAP.

Thank you for the information, everyone.