07-17-2022 06:08 PM
Hi everyone, there is a CUCM publisher and a subscriber in our cluster, the 'Cluster Security Mode' is set to '1', 'Device Security Profile' is set to 'Non-Secure Profile' in phone configuration, there is no Authentication, and Encrypted Config. The certificates in the cluster will expire on 25 July 2022, does this affect our IP phone register and calling?
Solved! Go to Solution.
07-17-2022 07:24 PM
The phone will continue working.
It is critical for the good functionality of the system to have all certificates updated across the CUCM cluster. If your certificates are expired or invalid they might significantly affect the normal functioning of the system. A list of potential issues you might have when any of the specific certificates are invalid or expired is shown here. The difference in impact might depend upon your system setup.
CallManager.pem
Tomcat.pem
CAPF.pem
IPSec.pem
Trust Verification Service (TVS)
The phone cannot authenticate HTTPS service. The phone cannot authenticate configuration files (this can affect nearly everything on CUCM).
phone-vpn-trust
The phone VPN does not work because the VPN's HTTPS URL cannot be authenticated.
07-17-2022 07:24 PM
The phone will continue working.
It is critical for the good functionality of the system to have all certificates updated across the CUCM cluster. If your certificates are expired or invalid they might significantly affect the normal functioning of the system. A list of potential issues you might have when any of the specific certificates are invalid or expired is shown here. The difference in impact might depend upon your system setup.
CallManager.pem
Tomcat.pem
CAPF.pem
IPSec.pem
Trust Verification Service (TVS)
The phone cannot authenticate HTTPS service. The phone cannot authenticate configuration files (this can affect nearly everything on CUCM).
phone-vpn-trust
The phone VPN does not work because the VPN's HTTPS URL cannot be authenticated.
07-18-2022 07:59 AM
Thanks for your help.
There are some phones installed with LSC, ITL, and CTL files, and some phones installed with ITL and CTL but no LSC in our environment, in this situation, can we change ‘Cluster Security Mode’ to ‘0’ (Non-secure mode)? How to change it?
Thanks.
07-23-2022 07:16 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide