Scenario#29 – Certificate expired – %CCM_UNKNOWN-CERT-0-CertExpiryEmergency

For one of our customer we noticed several RTMT SyslogSeverityMatchFound alerts generated every few minutes for Certificates expiration. The alerts I was getting were as follows:

Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8947: Feb 15 16:00:00.57 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:tomcat Unit:tomcat Type:own-cert Expiration:Wed Mar 3 08:16:58:000 GMT 2010 Cluster ID: Node ID:CCM-PUB, 42

Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8948: Feb 15 16:00:00.57 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CallManager Unit:CallManager Type:own-cert Expiration:Thu Mar 4 08:41:45:00 Cluster ID: Node ID:CCM-PUB, 43

Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8949: Feb 15 16:00:00.58 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CAPF Unit:CAPF Type:own-cert Expiration:Thu Mar 4 08:41:46:000 GMT 2010 / T Cluster ID: Node ID:CCM-PUB, 44

Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8950: Feb 15 16:00:00.58 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERGENCY_ALARM Message:Certificate expiration Notification. Certificate name:CAPF-e00e8760 Unit:CallManager-trust Type:trust-cert Expiration:Thu Mar 4 0 Cluster ID: Node ID:CCM-PUB, 45

Feb 15 16:00:00, CCM-PUB, Emergency, Cisco Certificate Monitor, : 8951: Feb 15 16:00:00.59 UTC : %CCM_UNKNOWN-CERT-0-CertExpiryEmergency: Certificate Expiry EMERG

These alerts are usually thrown if the certificates at Call manager are about to expire or expired.

I went into OS Admin and checked the status of all certificates:

Then I went into each of them to check the ‘Not After’ date:

The ones which were expired, I just regenerated them:

This stopped all RTMT alerts.

You can also regenerate certificates from CLI:

admin: set cert regen tomcat

Advertisement

9 thoughts on “Scenario#29 – Certificate expired – %CCM_UNKNOWN-CERT-0-CertExpiryEmergency

  1. Hello,

    I am having the same issue. I regenerated the certificates of type cert, but the certificates of type trust-certs don’t have an option for regeneration. A specialist from cisco TAC suggested to delete the certificates, and they will be regenerated. Do I have to restart any service for this to happen?

    Thanks,
    Ibrahim

  2. Thanks for the article.

    Did you notice any issues after the regeneration? I need to do this procedure but I don’t want anything to break after it is done.

    Thanks

  3. Hi,

    We are in a position where our certs are about to expire. To renew/regenerate the LSC for the phones, is the process the same as you mention above (ie, Regenerate the CallManager and CAPF certs)?

    Cheers

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: