[cisco-voip] CUCM DNS/CTL configuration - follow-up

Ed Leatherman ealeatherman at gmail.com
Thu May 28 10:21:59 EDT 2015


Good morning!

Cert related question - think I know the answer but I dont see it
explicitly stated so figured I'd ask.

I need to add the CA cert for my expressway-C to call manager as a
callmanager-trust cert - do I need to reboot the call manager service for
this to take effect? No forced phone reboots since this is just a trust
cert, correct? I think the answer is no and no phone reboots.

Thanks!

Ed




On Mon, May 18, 2015 at 10:46 AM, Brian Meade <bmeade90 at vt.edu> wrote:

> Ed,
>
> All phones re-registering is expected behavior for when any CallManager,
> CAPF, or TVS certificate on any node in the cluster is regenerated.  This
> is to allow phones to download an updated ITL before another certificate
> change is made.  This is also the same reason all phones re-register when
> adding a new node to a cluster.
>
> Tomcat-trusts usually automatically get updated via the Certificate Change
> Notification process.  There has been a few times I've seen conflicts that
> caused this not to work right though.
>
> Brian
>
> On Sun, May 17, 2015 at 10:06 AM, Ed Leatherman <ealeatherman at gmail.com>
> wrote:
>
>> Good morning,
>>
>> This morning I enabled DNS servers, domain name on our CUCM Cluster,
>> which involved regenerating all the certs on the cluster. Note I have
>> cluster mixed mode. Everything appears to have gone smoothly, but I had 2
>> odd things happen that I did not expect.. tossing them out here in case it
>> helps someone else, or if someone has commentary on "why" :)
>>
>> Reference: CUCM v9.1, mixed mode, never had dns servers or domain set
>> before.
>>
>> - After setting primary, secondary DNS and domain name, and the
>> subsequent reboot on each node ALL my phones on the cluster restarted or at
>> least re-registered each time, even for phones that do not use that node as
>> a CM. Is this CM process restarting everywhere each time or ? I didnt think
>> to check runtime on the CM process while I was working.
>>
>> - I expected to have to import tomcat certificates back and forth to the
>> publisher at each node once the certs were regenerated, as this was
>> necessary in the past. Apparently now they automagically download them from
>> each other? I went in to do it and the tomcat-trust was already there with
>> the new domain name.
>>
>> Cheers!
>>
>> Ed
>>
>> --
>> Ed Leatherman
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>


-- 
Ed Leatherman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150528/72dcbea7/attachment.html>


More information about the cisco-voip mailing list