Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
987
Views
27
Helpful
9
Replies

Cert About to Expire (CUC)

Go to solution
silvervoip
Level 1
Level 1

‎10-06-2020 01:35 AM

Hello,

We are about to renew ipsec certificate on unity cluster. I was wondering once we get this completed, will user be asked to accept new certs on their Jabber (both PC & cell phones)?

 

Certificate name: ipsec.der

               Unit: ipsec

               Type: own-cert

 

Thanks.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RG979797
Level 1
Level 1

‎10-06-2020 03:37 PM

You don't have to worry about it. The only thing an expired IP Security cert will stop is the DRS backups.  

 

You can renew the IP Sec root cert from CUC pub and it will be replicated to the rest of the nodes. You will need to regenerate each of the expired IP sec service cert on all nodes individually. No service restart is needed!

 

This can be done during office hours. Done it many many times. 

View solution in original post

9 Replies 9

Go to solution
Nithin Eluvathingal
VIP
VIP

‎10-06-2020 01:41 AM

if user devices  has installed Root CA who signed your certificate, you wont get the certificate warning. if not  with new certificate, users will be asked to accept.



Response Signature


0 Helpful

Go to solution
silvervoip
Level 1
Level 1
In response to Nithin Eluvathingal

‎10-06-2020 02:10 AM

Hi,

 

How can I make sure that user devices have Root CA cert? The cert I am talking about is self-signed so does that mean users will be asked to accept new cert?

0 Helpful

Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to silvervoip

‎10-06-2020 07:10 AM

You need to download the certificate, and then distribute it to the devices, or have them accept the new certificate. This is covered in the Jabber documentation.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to Nithin Eluvathingal

‎10-06-2020 09:21 PM

The above reply is related to certificate warnings. The certificate which you mentioned  has no effect with jabber users .



Response Signature


Go to solution
Roger Kallberg
VIP
VIP

‎10-06-2020 10:10 AM

AFAIK The ipsec cert has no relevance for Jabber users.



Response Signature


Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to Roger Kallberg

‎10-06-2020 11:20 AM

You're absolutely right, missed that, it's Tomcat the one that is used with Jabber.

HTH

java

if this helps, please rate
0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to Jaime Valencia

‎10-16-2020 03:43 AM - edited ‎10-16-2020 03:45 AM

@Jaime Valencia 

Why did you only give 1 helpful vote on this? Second question how do one even change the number of votes given, I've always seen that it gives 5 when you press the Star?



Response Signature


Go to solution
Jaime Valencia
Cisco Employee
Cisco Employee
In response to Roger Kallberg

‎10-16-2020 07:18 AM

I have absolutely no idea, I just gave you a helpful vote on that last comment but it does that automatically, I don't do anything differently, just click on the star. I don't get to choose the number of stars/helpful votes. Not sure if that might be due to being a Cisco employee. I'll ask the CSC team about that.

HTH

java

if this helps, please rate

Go to solution
RG979797
Level 1
Level 1

‎10-06-2020 03:37 PM

You don't have to worry about it. The only thing an expired IP Security cert will stop is the DRS backups.  

 

You can renew the IP Sec root cert from CUC pub and it will be replicated to the rest of the nodes. You will need to regenerate each of the expired IP sec service cert on all nodes individually. No service restart is needed!

 

This can be done during office hours. Done it many many times. 

Customers Also Viewed These Support Documents