
CallManager and Tomcat certificate renewal

brown3wab
Level 1

CUCM 11.5(1)SU6

 

We need to renew our CallManager and Tomcat certs. We will be using a CA, again.

 

For the CallManager certificates, my original approach was to update the certs via Multi-SAN, then restart CallManager, CTIManager, and TFTP services.

For the Tomcat certificates, my original approach was to update the certs via Multi-SAN, then restart Tomcat services.

 

Then I read over this document: https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html#anc11

 

And saw the requirement to utilize the "Prepare Cluster for Rollback to pre 8.0" feature

AND to NOT edit certificates on both TFTP servers at the same time. This gives the phones no TFTP server to trust and requires the local administrator to manually remove the ITL from all phones.

 

Obviously, using the Multi-SAN feature prevents us from applying the certs to the TFTP nodes individually, so I am a little concerned.

 

I just spoke with TAC, who stated that we no longer need to use the rollback feature and we do not need to make changes to the TFTP nodes individually anymore. While I do believe him, I am hoping to get advice from anybody who has updated these certs recently and can confirm both of these things to be true.

We are a hospital that relies heavily on Extension Mobility for all of our Call Centers, and breaking these services would essentially be catastrophic. Any advice is greatly appreciated!

 
