[cisco-voip] Resolving Sectigo root expiration affecting MRA

Anthony Holloway avholloway+cisco-voip at gmail.com
Wed Jun 3 10:27:58 EDT 2020


True, however, if they're not being used, it causes no issue, correct?
Much like the expiring root cert of Feb 2020 for Smart Call Home.

On Wed, Jun 3, 2020 at 9:20 AM Derek Andrew <Derek.Andrew at usask.ca> wrote:

> If you had previously installed the certs on CUCM CUP CUC and CER as we
> did, they would also have expired.
>
> On Wed, Jun 3, 2020 at 7:34 AM Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> CAUTION: This email originated from outside of the University of
>> Saskatchewan. Do not click links or open attachments unless you recognize
>> the sender and know the content is safe. If in doubt, please forward
>> suspicious emails to phishing at usask.ca
>>
>> Hunter,
>>
>> I might be exposing a gap in my knowledge here, but why did you need
>> these certs on CUCM?
>>
>> Cisco has now published a troubleshooting guide for this issue, and the
>> article does not mention modifying CUCM cert store.
>>
>>
>> https://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/215561-troubleshooting-expressway-mra-login-and.html
>>
>> On Sat, May 30, 2020 at 7:02 PM Hunter Fuller <hf0002 at uah.edu> wrote:
>>
>>> All,
>>>
>>> If you use certs whose trust is derived from the Sectigo root that
>>> expired today, and your MRA isn’t working, I’ll try to save you a call to
>>> TAC.
>>>
>>> Do all of these things:
>>>
>>>  - Load the new intermediates and root into callmanager-trust and
>>> tomcat-trust on all your UCMs
>>>  - restart tomcat, tftp, and callmanager on those boxes
>>>  - load the new intermediates and root into the CA trust store on all
>>> expressways
>>>  - reboot the Expressway-Es
>>>
>>> If you need more detail or help, let me know, we just got off the phone
>>> with TAC. Hope it helps.
>>>
>>> --
>>>
>>> --
>>> Hunter Fuller (they)
>>> Router Jockey
>>> VBH Annex B-5
>>> +1 256 824 5331
>>>
>>> Office of Information Technology
>>> The University of Alabama in Huntsville
>>> Network Engineering
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>
> --
> Copyright 2020 Derek Andrew (excluding quotations)
>
> +1 306 966 4808
> Communication and Network Services
> Information and Communications Technology
>
> *University of Saskatchewan*Peterson 120; 54 Innovation Boulevard
> Saskatoon,Saskatchewan,Canada. S7N 2V3
> Timezone GMT-6
>
> Typed but not read.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200603/a058acc4/attachment.htm>


More information about the cisco-voip mailing list