[cisco-voip] Renewing TVS and IPSec certificates

Ryan Ratliff (rratliff) rratliff at cisco.com
Tue Mar 27 15:13:04 EDT 2018


You also don’t need to restart the TFTP service when regenerating TVS certs; in fact, it can cause problems depending on how quickly you pull the trigger and how many phones you have.

-Ryan

On Mar 27, 2018, at 1:37 PM, Brian Meade <bmeade90 at vt.edu> wrote:

If just doing IPSec, you just need to restart the DRS services.  No effect on ITL.

As soon as you regenerate TVS on any node, all phones will reboot and ITL will be updated instantly.  Be very careful to do this one node at a time making sure all phones re-register before moving on.  Really only a huge issue if you are doing the CallManager.pem at the same time.

TVS certs aren't in the CTL last I checked so you shouldn't need to regenerate the CTL on mixed-mode clusters if just updating TVS/IPSec.

On Tue, Mar 27, 2018 at 1:03 PM, ROZA, Ariel <Ariel.ROZA at la.logicalis.com> wrote:
Hi guys,

I have some specific questions regarding renewing some certificates.
The situation is this. In a cluster with 4 servers, I have two of them that have their tvs.pem and ipsec.pem certificates past their due date.
I have reviewed a lot of the documentation available, and designed a step-by-step procedure to renew them, doing so one server at a time, stopping the TFTP, etc.

But still I have some specific doubts:

If I just want to renew the ipsec.pem cert, do I have to go through the complete process to renew the ITL and reset the phones to get it? Or can I just renew the self-signed cert and restart the DRS Services?
If I am using mixed mode, do I have to regenerate the CTL file as well?

Regards,

Ariel Roza
Collaboration Support Engineer
t: +54 11 5282-0458
c: +54 9 11 5017-4417
webex: http://logicalis-la.webex.com/join/ariel.roza
Av. Belgrano 955 – Piso 20 – CABA – Argentina – C1092AAJ
www.la.logicalis.com


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

