[cisco-voip] Certificates expires - what happens next?

Justin Steinberg jsteinberg at gmail.com
Mon May 4 13:14:48 EDT 2015


brian - if you find yourself in this situation, how do you fix it ?    turn
off the security profile on the phone so it is no longer required to
authentication and then update the phone certs and re-enable the security
profile ?

On Mon, May 4, 2015 at 12:44 PM, Brian Meade <bmeade90 at vt.edu> wrote:

> Nothing really stops working besides certificate warnings in the browser.
> The phones don't check validity dates.  Only issue with a secure cluster is
> the CAPF on the publisher expiring since it signed all of the LSCs on the
> phones.  CallManager service will care about those being expired and they
> won't be able to re-register if they are reset.
>
>
> On Mon, May 4, 2015 at 11:09 AM, Reto Gassmann <voip at mrga.ch> wrote:
>
>> Hello Group
>>
>> I am just curious what happens, when certificates on an CUCM cluster
>> expire. We run a UCM cluster 9.1.2 in Mix Mode with 8 UCM server and 2 CUPS
>> server.
>>
>> What happens if one or all of the following certificates expire:
>> CallManager.pem, ipsec.pem, tomcat.pem or CAPF.pem and the according -trust
>> certificates.
>>
>> Will the UCM cluster stop working, DB replication issues or will I have
>> error messages on the phones?
>>
>> Thanks for your thoughts
>> Regards Reto
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150504/bbe6d6cd/attachment.html>


More information about the cisco-voip mailing list