CUCM 12.5.1 - Certificate Renewal Question

Quintin.Mayo · ‎09-07-2022

Hi,

I renewed the CAPF certficate and found the Proxy service wasn't activated, activated and restarted the CCAPF service on the PUB. But the call manager and CAPF trust certificates didn't renew, I don't believe the system is using this certificate but found some information informing it bind itself to these two trust certificates. Since the Proxy service wasn't activated from the start, my question - is it safe to disable the service and delete the two trust certficates? Any direction would be greatly appreciated.

Quintin

Roger Kallberg · ‎09-07-2022

Is your CM in Mixed Mode? If not you should not have CAPF service activated. On the Proxy service I’m not sure what it used for. On the certificate question, even though you don’t use CAPF the certificates should be kept valid. Worth knowing is that when you renew the CAPF certificate it will not automatically remove the old trust certificate, that you need to do manually per node.

Roger Kallberg · ‎09-08-2022

For additional information on the process to renew various certificates in a Cisco UC landscape please have a look at this document that I created sometime back. Cisco UC Certificates Renewal Guide

Roger Kallberg · ‎09-08-2022

I checked on one of our CMs on the service you reference as Proxy. I think that you mean Cisco Certificate Authority Proxy Function, if so that is also only needed if you run the system in Mixed Mode. If you don't you should have the security services like this.