[cisco-voip] Couple misc. CTL/certificate questions...

[Ed Leatherman]

I'm getting ready to install security tokens soon on CM 7.1, and noticed a
few things while I was pulling my plan together. I was hoping someone might
know the answer(s)

- While looking around at the existing certs on my cluster (non-secure mode
right now) I noticed a CAPF.pem on every node, with a different serial
numbers and CNs. I thought this should only exist on the publisher? Does it
just ignore the certs on the other nodes when i put the cluster in mixed
mode?

- Also while poking around - once again, non-secure mode - I noticed all
the CallManager.pem files have varying expiration dates on them (seems to
coincide with when I refreshed hardware). Some of them expire as early as
2014.. would it be a good idea to refresh the certs now so that they have
later expiration dates, before I start pushing CTL files out to phones? If
I do this, do I need to restart the CM service?

Thanks !


-- 
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120620/bf4337e3/attachment.html>