I'm going through some clusters cleaning up expiring certificates. One thing that's puzzling me is that Unity Connection has "CallManager-trust" certificates, but apparently no underlying "CallManager" self-signed certificates to be regenerated. Are these originating certificates hidden somewhere?
I didn't get to the bottom of it. This bug suggests that the actual Callmanager certificates do indeed exist, although may only be used in some specific functions. Nothing seems to explain how you would regenerate these certificates if you can't see them. Maybe from the CLI? If I find a cluster where they're expired I'd probably raise a TAC case.
At the moment I'm treating it as cosmetic, the clusters I'm working on have those certificates and they are not expired (yet).
Thanks @TONY SMITH
I came across that bug as well, but I’m not sure that applies in my case.
What’s weird is that it’s the Unity connection own (public CA signed) certificate that has been loaded as a CallManager-trust type cert.
Hopefully my TAC engineer can shed light.
My certs expire soon, so I want to deal with it. I may just delete the old one and “see what breaks”.
These certificates dates back to when CM and CUC shared the same installer and in most scenes used the same underlying operating system. Nowadays these two have diverged into different products. Because of this there is no Callmanager certificate, but the previous created or uploaded trust certificates are still present, but AFAIK they are not in use.
OK. Thanks. I guess my colleague either just assumed he needed to renew them or the TAC told him so. Come to think of it, I renewed the certs for three years before him, then he did for two years... so maybe we were on a different version 6 years ago? version 7 or 9 maybe?
Oh well..... they're gone! click. delete.