For one of our customer we noticed several RTMT SyslogSeverityMatchFound alerts generated every few minutes for Certificates expiration. The alerts I was getting were as follows:
Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8947: Feb 15 16:00:00.57 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:tomcat Unit:tomcat Type:own-cert Expiration:Wed Mar 3 08:16:58:000 GMT 2010 Cluster ID: Node ID:CCM-PUB, 42
Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8948: Feb 15 16:00:00.57 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CallManager Unit:CallManager Type:own-cert Expiration:Thu Mar 4 08:41:45:00 Cluster ID: Node ID:CCM-PUB, 43
Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8949: Feb 15 16:00:00.58 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CAPF Unit:CAPF Type:own-cert Expiration:Thu Mar 4 08:41:46:000 GMT 2010 / T Cluster ID: Node ID:CCM-PUB, 44
Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8950: Feb 15 16:00:00.58 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CAPF-e00e8760 Unit:CallManager-trust Type:trust-cert Expiration:Thu Mar 4 0 Cluster ID: Node ID:CCM-PUB, 45
Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8951: Feb 15 16:00:00.59 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERG
These alerts are usually thrown if the certificates at Call manager are about to expire or expired.
I went into OS Admin and checked the status of all certificates:
Then I went into each of them to check the ‘Not After’ date:
The ones which were expired, I just regenerated them:
This stopped all RTMT alerts.
You can also regenerate certificates from CLI:
admin: set cert regen tomcat
Hello,
I am having the same issue. I regenerated the certificates of type cert, but the certificates of type trust-certs don’t have an option for regeneration. A specialist from cisco TAC suggested to delete the certificates, and they will be regenerated. Do I have to restart any service for this to happen?
Thanks,
Ibrahim
I don’t think there is any need to restart a service.
Thanks
Thanks for the article.
Did you notice any issues after the regeneration? I need to do this procedure but I don’t want anything to break after it is done.
Thanks
should i wait unitl after hours to delete the certificates ?
thanks
CJ
You can do it during production hours but I would recommend for a maintenance window if you can arrange one.
Hi,
We are in a position where our certs are about to expire. To renew/regenerate the LSC for the phones, is the process the same as you mention above (ie, Regenerate the CallManager and CAPF certs)?
Cheers
Ibrahim, Did you do this? and did they just regenerate after you deleted?
Thanks, Neil
Hello Friends,
Do exist any problem if I regenerate some certifieds? Do exist any risk on CUCM?