05-09-2019 07:44 AM
Hi All,
I am looking to clean up a bunch of old certificates off of our UCM servers. Is there a good way to tell which ones are actually being used by things and which ones are just sitting there? I know we use the tomcat stuff for example but I have like 5 CAPF ones, most of which are expired for example.
Any good ways to check what UCM is using currently?
Thanks,
Solved! Go to Solution.
05-09-2019 08:37 AM
One of the available options is open the individual certificate (xxx.pem) by clicking on it and you can see the validity from and to. if the certificate To date is lower than current dates, you can remove these certificates.
Validity From: Wed Nov 12 10:04:12 GMT 2014
To: Mon Nov 11 10:04:11 GMT 2019
You can also set up certificate expiry from RTMT-
SyslogSeverityMatchFound generates whenever the certificate gets expired. if you read the logs you get the name of the certificate. please be sure that Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification are enabled on all servers.
Regards,
Shalid
05-09-2019 08:37 AM
One of the available options is open the individual certificate (xxx.pem) by clicking on it and you can see the validity from and to. if the certificate To date is lower than current dates, you can remove these certificates.
Validity From: Wed Nov 12 10:04:12 GMT 2014
To: Mon Nov 11 10:04:11 GMT 2019
You can also set up certificate expiry from RTMT-
SyslogSeverityMatchFound generates whenever the certificate gets expired. if you read the logs you get the name of the certificate. please be sure that Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification are enabled on all servers.
Regards,
Shalid
05-09-2019 09:24 AM
There is no easy way to find out if a certificate is being used or not, any certificate that is in the -trust store that is expired can be deleted as it won't work anymore. If they're from the same cluster, you'd need to regenerate the certificate in the server to get the new one. If they're from other cluster, servers, services, etc. you'd need to manually upload them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide