[cisco-voip] [External] Re: Resolving Sectigo root expiration affecting MRA

[Anthony Holloway]

Probably confusion with the tomcat cert, versus the tomcat-trust.

Remember this defect?
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy13916

On Sat, May 30, 2020 at 7:11 PM Hunter Fuller <hf0002 at uah.edu> wrote:

> I was wondering the same thing. You may be able to skip that one, but it
> advises you to restart it when updating the callmanager-trust store, so we
> did it.
>
> On Sat, May 30, 2020 at 19:10 Anthony Holloway <
> avholloway+cisco-voip at gmail.com> wrote:
>
>> MVP
>>
>> But why restart TFTP?
>>
>> On Sat, May 30, 2020 at 7:02 PM Hunter Fuller <hf0002 at uah.edu> wrote:
>>
>>> All,
>>>
>>> If you use certs whose trust is derived from the Sectigo root that
>>> expired today, and your MRA isn’t working, I’ll try to save you a call to
>>> TAC.
>>>
>>> Do all of these things:
>>>
>>>  - Load the new intermediates and root into callmanager-trust and
>>> tomcat-trust on all your UCMs
>>>  - restart tomcat, tftp, and callmanager on those boxes
>>>  - load the new intermediates and root into the CA trust store on all
>>> expressways
>>>  - reboot the Expressway-Es
>>>
>>> If you need more detail or help, let me know, we just got off the phone
>>> with TAC. Hope it helps.
>>>
>>> --
>>>
>>> --
>>> Hunter Fuller (they)
>>> Router Jockey
>>> VBH Annex B-5
>>> +1 256 824 5331
>>>
>>> Office of Information Technology
>>> The University of Alabama in Huntsville
>>> Network Engineering
>>>
>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>> --
>
> --
> Hunter Fuller (they)
> Router Jockey
> VBH Annex B-5
> +1 256 824 5331
>
> Office of Information Technology
> The University of Alabama in Huntsville
> Network Engineering
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20200531/af0b5318/attachment.htm>