cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
429
Views
15
Helpful
5
Replies

"CallManager-trust" certificates in Unity Connection 11.5.1.15900-18

TONY SMITH
Collaborator
Collaborator

Hi,

I'm going through some clusters cleaning up expiring certificates.  One thing that's puzzling me is that Unity Connection has "CallManager-trust" certificates, but apparently no underlying "CallManager" self-signed certificates to be regenerated.   Are these originating certificates hidden somewhere?

Thanks,

Tony S

5 Replies 5

lfulgenzi
Rising star
Rising star

I am running into the same issue. Renewing about to expire certs on Unity Connection and I am seeing the same certificate loaded as a CallManager-trust type, in addition to the tomcat and tomcat-trust (auto-loaded), on my servers.

@TONY SMITH did you ever find a resolution to this?


TONY SMITH
Collaborator
Collaborator

I didn't get to the bottom of it.  This bug suggests that the actual Callmanager certificates do indeed exist, although may only be used in some specific functions.  Nothing seems to explain how you would regenerate these certificates if you can't see them.  Maybe from the CLI?  If I find a cluster where they're expired I'd probably raise a TAC case.

At the moment I'm treating it as cosmetic, the clusters I'm working on have those certificates and they are not expired (yet).

https://bst.cisco.com/bugsearch/bug/CSCvr91605

lfulgenzi
Rising star
Rising star

Thanks @TONY SMITH 

I came across that bug as well, but I’m not sure that applies in my case.  

What’s weird is that it’s the Unity connection own  (public CA signed) certificate that has been loaded as a CallManager-trust type cert.

Hopefully my TAC engineer can shed light.  
My certs expire soon, so I want to deal with it.  I may just delete the old one and “see what breaks”.  

Roger Kallberg
VIP Expert VIP Expert
VIP Expert

These certificates dates back to when CM and CUC shared the same installer and in most scenes used the same underlying operating system. Nowadays these two have diverged into different products. Because of this there is no Callmanager certificate, but the previous created or uploaded trust certificates are still present, but AFAIK they are not in use.



Response Signature


lfulgenzi
Rising star
Rising star

OK. Thanks. I guess my colleague either just assumed he needed to renew them or the TAC told him so. Come to think of it, I renewed the certs for three years before him,  then he did for two years... so maybe we were on a different version 6 years ago? version 7 or 9 maybe? 

Oh well..... they're gone! click. delete.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers