Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
0
Helpful
0
Replies

Removing and replacing expired CAPF certificates

sean.wellington
Level 1
Level 1

‎10-02-2018 10:33 AM

A customer currently has a CUCM 11.0(1) mixed-mode cluster with a publisher and a subscriber. The cluster currently has one expired tomcat-trust certificate for the publisher and several expired CAPF Callmanager-trust certificates. There are also valid tomcat-trust and CAPF certificates.

 

As I understand it, I can delete the expired tomcat-trust certificate without impacting the system, but with the CAPF certificates, I need to ensure that the phones are not using any of the expired CAPF certificates for registration. How do I verify this without having to examine the certificates on the phones one-by-one?

 

Also, I understand the process of replacing the expired CAPF certificates to be the following:

1.) Update the CTL file on CUCM using the CTL client or the "utils ctl update CTLFile"CLI command. (I believe this step might not be necessary, since the CTL file currently on CUCM is referencing a valid CAPF certificate in its #4 record.)

2.) Delete the CTL (and ITL?) files on the phones.

3.) Reboot the phones so that they will be updated with the updated CTL file.

4.) Delete the expired CAPF certificates.

 

Is this procedure correct? If it is correct, is there a way to delete the CTL/ITL files in the phones in bulk?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents