Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
1
Replies

Certificate Regen/Renewal - AddTrust

falling_d0wn
Level 1
Level 1

‎04-06-2020 06:28 AM - edited ‎04-06-2020 06:39 AM

My site has a full UC suite with CUCM/CUC 11.5.1 SU3, UCCX 11.6.2, Expressway 8.10.2, Conductor, Virtual Telepresence, etc..It is coming up on the 5 year mark since the system was originally installed with the help of a vendor.  The various self and CA certificates will need regenerated and/or replaced by next month.  I have gone over the procedure in the link below with a small test CUCM and CUC cluster and feel comfortable with process. 

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/214231-certificate-regeneration-process-for-cis.html

 

 

I am not running in mixed mode and aside from waiting for the endpoints to re-register after some of the certs, it seems straightforward.  What concerns me are a couple of certs that I'm unable to properly identify.  They exist on nearly all nodes in my system from CUCM to UCCX to Expressways. 

 

tomcat-trust USERTrust_RSA_Certification_Authority CA-signed RSA USERTrust_RSA_Certification_Authority AddTrust_External_CA_Root 05/30/2020 Trust Certificate


tomcat-trust AddTrust_External_CA_Root Self-signed RSA AddTrust_External_CA_Root AddTrust_External_CA_Root 05/30/2020 Trust Certificate

 

I deleted them on my test CUCM cluster only to judge the effect.  In the limited testing I could, the only thing it seemed to break was the ability for phone service to connect with Jabber over the Expressway.  CUC (where the cert still existed) connected up.  Phone service and voicemail connected over VPN back to my site so it appears to only affect Expressway sign in.  I added back the AddTrust cert only to CUCM and phone service began to work again.  

 

In doing some research, it seems the AddTrust cert has been discontinued.  I've found very little mention of it in Cisco docs aside from cloud Jabber configuration.  We use the hybrid model with WebEx Messenger providing IM along with local phone and voicemail service.  

 

I'm looking for some direction on this AddTrust cert.  I know it needs replaced but I'm not sure what to replace it with in order to keep Jabber working over Expressway.  Any advice?

 

Thanks,

B

3 people had this problem
Labels:
0 Helpful
1 Reply 1

adobesberger
Level 1
Level 1

‎06-03-2020 11:56 PM

Hi B,

 

please check the TechNote about the Sectigo CA Certificate Expiry on 30th May

Troubleshooting Expressway MRA Login and B2B Calling Issue due to Sectigo CA Certificate Expiry on 30th May 

 

Regards

Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents