Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
15
Helpful
2
Replies

IM&P Certificates

harresh123
Level 1
Level 1

‎11-29-2019 11:12 AM - edited ‎11-29-2019 11:14 AM

All the certificates in IM&P have expired. I understand the premise behind Tomcat and IPSEC which i have regenerated. What are the other critical certs that needs to be regenerated. I could think of below 3 that needs to be addressed. Wanted to make sure. These are self-signed certs.

cup

cup-xmpp

cup-xmpp-s2s

Alos, i see a couple of tomcat-trust certs in call-manager that are pertaining to IM&P cluster. When i regenerated the tomcat certs in IM&P, shouldn't the trust certs pertaining to IM&P in CUCM nodes automatically renew? How can i address the situation with tomcat-trust certs for IM&P in CUCM nodes. Is it a manual export of tomcat certs from IM&P and importing them to each CUCM node?

0 Helpful
2 Replies 2

Chris Deren
Hall of Fame
Hall of Fame

‎11-30-2019 07:27 AM

All expired certs should be re-generated, cup-xmpp is the critical one used by Jabber clients for IM/P and would generate warnings on Jabber client if expired.  

Anthony Holloway
Cisco Employee
Cisco Employee
In response to Chris Deren

‎11-30-2019 07:30 AM

I agree, all expired certs should be corrected, if for nothing else, to squelch the alarms generated by the system, so you can focus on the real problems.

By the way, the certs and their purpose are listed here:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/configAdminGuide/10_5_1/CUP0_BK_CE43108E_00_config-admin-guide-imp-105/CUP0_BK_CE43108E_00_config-admin-guide-imp-105_chapter_01010.html#CUP0_RF_C4534017_00
Customers Also Viewed These Support Documents