[cisco-voip] CUCM Certificate question

Corson, Teressa Teressa.Corson at doit.nh.gov
Tue Jul 1 12:04:55 EDT 2014 

Hi, I hope someone might be able to help me on this.

I have a CUCM 7.1.5 cluster and several certificates are expiring tomorrow (CAPF-trust, CallManager-trust, ipsec-trust, CAPF, CallManager, ipsec, tomcat).  The latter 4 were self-signed and I was able to regenerate them to renew the expiration date.  After doing that on both pub and one sub (the other sub doesn't show them expiring), I restarted tomcat.  I later noted that the CAPF-trust, CallManager-trust, ipsec-trust certs now also have a new date equal to those I regenerated.  The CAPF-trust and CallManager-trust actually show up on two new lines in the GUI; so the old cert is there and the new one is too.

>From what I'm reading online, it appears that I still have other steps to complete in order to direct CUCM to use the new certs.  This is where I need assistance.  I read some steps online that said "Run the CTL client and update CTL" but I do not know what that means.  I downloaded the CTL Client plugin and, after finding an old 32-bit laptop, was able to install it there.  Now, I'm not sure where to go from here.
Our phones don't use a secure mode as far as I can tell.  Security Setup shows Security Mode = Non Secure and LSC = Not Installed.  Trust List menu shows no CTL or ITL file installed, but it does say "Configuration (signed)."

Am I headed down the right path?  What should I be expecting from the CTL Client?  Or is there something different that I need to do to have the CUCM use the new certs?

Thanks.

T.

Teressa Corson, CCNP, CCDA, CCNP-Voice
TSS VI, Operations
Network Operations
State of NH, Department of Information Technology
603-223-5727
www.nh.gov/doit<http://www.nh.gov/doit>

Statement of Confidentiality:  The contents of this message are confidential.  Any unauthorized disclosure, reproduction, use or dissemination (either in whole or in part) is prohibited.  If you are not the intended recipient of this message, please notify the sender immediately and delete the message from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140701/add97823/attachment.html>

More information about the cisco-voip mailing list