Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1260
Views
3
Helpful
3
Replies

CUCM v14(SU3) certificates regeneration

Go to solution
Michalis Papasavva
Level 3
Level 3

‎10-17-2024 07:33 AM

Hi,

For mix mode cluster, before version 14 i know you need to update CTL file for CAPF, Call manager and TVS certificates and restart services with below order.

  1. Upload certificates
  2. Run the utils ctl update CTLFile only on Publisher
  3. Restart services.
  4. Restart all phones from enterprise parameters

On version 14, in enterprise parameters the "Phone interaction on Certificate Update parameter is automatically reset" by default. So when the regeneration of certificate the phones automatically reset to update ITL file. 

I need to set Phone interaction on Certificate Update  to manually and proceed with the above order of regeneration of certificates or doesn't matter if the phones restart before updating the CTL file?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marco Rojas Abarca
Cisco Employee
Cisco Employee

‎07-30-2025 12:43 PM

Hello Michalis,

You can take advantage of tool called CUCM Certificate Planner Tool available here:

https://cway.cisco.com/csa-new/#/aiguidedworkflows

You can used the Tailored approach, which will generate a step-by-step process on what you will need to do.

Here is the information you will need to use this tool:

Complete System Version?
Mixed mode enabled?
SSO enabled?
LSC configured?

Collect the output from running the following command in VOS CLI:

run sql select c.servername, tcs.name, dist.moniker, c.ipv4address, c.certificate from certificate as c inner join certificateservicecertificatemap as cscm on c.pkid = cscm.fkcertificate inner join typecertificateservice as tcs on cscm.tkcertificateservice = tcs.enum inner join typecertificatedistribution as dist on c.tkcertificatedistribution = dist.enum

Save the CLI outputs (without making any changes) to a .txt or .log file.

Hope this information helps,
Marco R.

View solution in original post

3 Replies 3

Go to solution
Marco Rojas Abarca
Cisco Employee
Cisco Employee

‎07-30-2025 12:43 PM

Hello Michalis,

You can take advantage of tool called CUCM Certificate Planner Tool available here:

https://cway.cisco.com/csa-new/#/aiguidedworkflows

You can used the Tailored approach, which will generate a step-by-step process on what you will need to do.

Here is the information you will need to use this tool:

Complete System Version?
Mixed mode enabled?
SSO enabled?
LSC configured?

Collect the output from running the following command in VOS CLI:

run sql select c.servername, tcs.name, dist.moniker, c.ipv4address, c.certificate from certificate as c inner join certificateservicecertificatemap as cscm on c.pkid = cscm.fkcertificate inner join typecertificateservice as tcs on cscm.tkcertificateservice = tcs.enum inner join typecertificatedistribution as dist on c.tkcertificatedistribution = dist.enum

Save the CLI outputs (without making any changes) to a .txt or .log file.

Hope this information helps,
Marco R.

Go to solution
Michalis Papasavva
Level 3
Level 3
In response to Marco Rojas Abarca

‎07-30-2025 11:19 PM

Thank you Marco

0 Helpful

Go to solution
Maren Mahoney
VIP
VIP

‎08-05-2025 05:55 AM

I also HIGHLY recommend the Cisco UC Certificates Renewal Guide written by @Roger Kallberg:

Cisco UC Certificates Renewal Guide 

Maren

Customers Also Viewed These Support Documents