<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head><body lang="EN-CA" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">We had to rebuild our CUCM 12.5 publisher. That part went ok, but now the subscribers have an ITLRecovery certificate that differs from the pub and are giving out an ITL file signed with that certificate. The publisher has the old, correct
certificate which is got with the restore, but it looks like the subscribers for some reason got the ITL cert that the publisher generated after the build but before the restore. Phones are fine if the publisher is their TFTP server but reject the ITL file
if a subscriber is their TFTP server.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">TAC is saying we need to regenerate the ITL recovery certificate and then the ITL file which sounds extremely risky. I can't see why this would be necessary since the publisher certificate is correct. Does anyone have experience with an
issue like this? Changing CUCM certificates always makes me nervous. My nightmare situation is that we would have to factory reset all the phones.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Eric<o:p></o:p></p>
</div>
<br>
<br>
Bennett Jones is committed to mitigating the spread of COVID-19. We have
transitioned to a remote work environment and continue to provide
complete and uninterrupted service to our clients. Visit our COVID-19
Resource Centre (https://www.bennettjones.com/COVID-19) for timely
legal updates.
<br>
<br>
The contents of this message may contain confidential and/or privileged
subject matter. If this message has been received in error, please contact
the sender and delete all copies. Like other forms of communication,
e-mail communications may be vulnerable to interception by unauthorized
parties. If you do not wish us to communicate with you by e-mail, please
notify us at your earliest convenience. In the absence of such
notification, your consent is assumed. Should you choose to allow us to
communicate by e-mail, we will not take any additional security measures
(such as encryption) unless specifically requested.
<br>
<br>
If you no longer wish to receive commercial messages, you can unsubscribe
by accessing this link: http://www.bennettjones.com/unsubscribe
</body></html>