[cisco-voip] Removing certificates by hand

James Andrewartha jandrewartha at ccgs.wa.edu.au
Thu Apr 11 23:30:24 EDT 2019


When I had this problem TAC did it via SQL. It was a quick and easy call.

On 12/04/19 01:07, Matt Jacobson wrote:
> There are a few different bug IDs floating around where the expired
> cert is not deleted and does not show up in certificate management. If
> you can’t find them from CLI (see Anthony’s suggestions) or web but
> still receive alerts, then TAC can intervene with root user. 
> 
> On Thu, Apr 11, 2019 at 20:37 Anthony Holloway
> <avholloway+cisco-voip at gmail.com> wrote:
> 
>     I'm not saying this is what's happening, but the node which sent the
>     alert, could be different from the node with the expired cert on
>     it.  Maybe just double check the alert email.  Alternatively, just
>     look on the other nodes in that cluster for the cert in question. 
>     Keeping in mind that IM&P nodes are alerted on as a part of CUCM
>     RTMT alerting.
> 
>     Lastly, there is a show cert CLI command to try out:
> 
>     show cert list trust
> 
>     Then if you want to view the contents of one of those certs:
> 
>     show cert trust ipsec-trust/cucmsub1.example.com.pem
> 
>     On Wed, Apr 10, 2019 at 10:54 AM ROZA, Ariel
>     <Ariel.ROZA at la.logicalis.com> wrote:
> 
>         Yes. The node matches the one in the alert
> 
>         Get Outlook for Android <https://aka.ms/ghei36>
> 
>         ------------------------------------------------------------------------
>         *From:* Brian Meade <bmeade90 at vt.edu>
>         *Sent:* Wednesday, April 10, 2019 12:46:24 PM
>         *To:* ROZA, Ariel
>         *Cc:* cisco-voip (cisco-voip at puck.nether.net)
>         *Subject:* Re: [cisco-voip] Removing certificates by hand
>          
>         Are you looking on the right node that alerted?  I wouldn't
>         expect this to be in the DB either if it doesn't display in OS
>         Admin.
> 
>         On Wed, Apr 10, 2019 at 11:23 AM ROZA, Ariel
>         <Ariel.ROZA at la.logicalis.com> wrote:
> 
>             I am receiving RTMT alarms about an expired tomcat-trust
>             certificate, but the certificate is not listed in the
>             Certificate Management page. The cert was replaced by a new
>             certificate that is present in the list, nonetheless.
> 
>             Can I remove the old certificate by hand through the CLI? Or
>             is there something to be done at the database level?
> 
>             Thanks.

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

