McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 7

↗ View in doc context
page
7
source
cucm/v15/certificate-regeneration/certificate-regeneration.md
chunk_id
cucm::v15::certificate-regeneration::certificate-regeneration::6

Begin with the publisher, continue with the subscribers. In order to restart Tomcat, you need to open a CLI session for each node and execute the command utils service restart Cisco Tomcat. • 5. These steps are used from the CCX environment, if applicable: If self-signed certificate is used, upload the Tomcat certificates from all nodes of the CUCM cluster to Unified CCX Tomcat trust store. • If CA signed or private CA signed certificate is used, upload root CA certificate of CUCM to Unified CCX Tomcat trust store. • Restart the servers as mentioned in the certificate regeneration document for CCX. • Additional References: UCCX Solution Certificate Management Guide • Unified CCX Health Check Utility • IPSEC Certificate Note: CUCM/Instant Messaging and Presence (IM&P) before version10.X, the DRF Master Agent runs on both CUCM Publisher and IM&P Publisher. DRF Local service runs on the subscribers respectively. Versions 10.X and higher, DRF Master Agent runs on the CUCM Publisher only and DRF Local service on CUCM Subscribers and IM&P Publisher and Subscribers. Note: The Disaster Recovery System uses an Secure Socket Layer (SSL) based communication between the Master Agent and the Local Agent for authentication and encryption of data between the CUCM cluster nodes. DRS makes use of the IPSec certificates for its Public/Private Key encryption. Be aware that if you delete the IPSEC truststore (hostname.pem) file from the Certificate Management page, then DRS does not work as expected. If you delete the IPSEC-trust file manually, then you must ensure that you upload the IPSEC certificate to the IPSEC trust-store. For more details, refer to the certificate management help page in the Cisco Unified Communications Manager Security Guides. Navigate to each server in your cluster (in separate tabs of your web browser) and begin with the publisher, succeeded by each subscriber. Navigate to Cisco Unified OS Administration > Security > Certificate Management > Find. Select the IPSEC PEM Certificate. • Once open, select Regenerate and wait until you see the Success pop-up, then close pop-up or go back and select Find/List. • 1. Continue with subsequent Subscribers; perform the same procedure in step 1 and complete on all subscribers in your cluster. 2. After all Nodes have regenerated the IPSEC certificate then restart services. Navigate to the Publisher Cisco Unified Serviceability. Cisco Unified Serviceability > Tools > Control Center - Network Services 1. Select Restart on Cisco DRF Master Service. 2. Once the service restart completes, select Restart on the Cisco DRF Local Service on 3. • 3.