05-09-2019 07:44 AM
Hi All,
I am looking to clean up a bunch of old certificates off of our UCM servers. Is there a good way to tell which ones are actually being used by things and which ones are just sitting there? I know we use the tomcat stuff for example but I have like 5 CAPF ones, most of which are expired for example.
Any good ways to check what UCM is using currently?
Thanks,
Solved! Go to Solution.
05-09-2019 08:37 AM
One of the available options is open the individual certificate (xxx.pem) by clicking on it and you can see the validity from and to. if the certificate To date is lower than current dates, you can remove these certificates.
Validity From: Wed Nov 12 10:04:12 GMT 2014
To: Mon Nov 11 10:04:11 GMT 2019
You can also set up certificate expiry from RTMT-
SyslogSeverityMatchFound generates whenever the certificate gets expired. if you read the logs you get the name of the certificate. please be sure that Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification are enabled on all servers.
Regards,
Shalid
05-09-2019 08:37 AM
One of the available options is open the individual certificate (xxx.pem) by clicking on it and you can see the validity from and to. if the certificate To date is lower than current dates, you can remove these certificates.
Validity From: Wed Nov 12 10:04:12 GMT 2014
To: Mon Nov 11 10:04:11 GMT 2019
You can also set up certificate expiry from RTMT-
SyslogSeverityMatchFound generates whenever the certificate gets expired. if you read the logs you get the name of the certificate. please be sure that Cisco Certificate Expiry Monitor and Cisco Certificate Change Notification are enabled on all servers.
Regards,
Shalid
05-09-2019 09:24 AM
There is no easy way to find out if a certificate is being used or not, any certificate that is in the -trust store that is expired can be deleted as it won't work anymore. If they're from the same cluster, you'd need to regenerate the certificate in the server to get the new one. If they're from other cluster, servers, services, etc. you'd need to manually upload them.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: