page: 73
source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::61

Regenerate a Certificate

We recommend that you regenerate certificates before they expire. You will receive warnings in RTMT (Syslog Viewer) and an email notification when the certificates are about to expire.

However, you can also regenerate an expired certificate. Perform this task after business hours, because you must restart the phones and reboot the services. You can regenerate only a certificate that is listed as type “cert” in Cisco Unified OS Administration.

Caution: Regenerating a certificate can affect your system operations. Regenerating a certificate overwrites the existing certificate, including a third-party signed certificate if one was uploaded.

Procedure

Step 1: From Cisco Unified OS Administration, choose Security > Certificate Management.

Enter the search parameters to find a certificate and view its configuration details. The system displays the records that match all the criteria in the Certificate List window.

Click the Regenerate button on the certificate details page; a self-signed certificate with the same key length is regenerated.

Note: When regenerating a certificate, the Certificate Description field is not updated until you close the Regeneration window and open the newly generated certificate.

Click Generate Self-Signed Certificate to regenerate a self-signed certificate with a new key length of 3072 or 4096.

Step 2: Configure the fields on the Generate New Self-Signed Certificate window. See online help for more information about the fields and their configuration options.

Step 3: Click Generate.

Step 4: Restart all services that are affected by the regenerated certificate. See Certificate Names and Descriptions, on page 55 for more information.

Step 5: Update the CTL file (if configured) after you regenerate the CAPF, ITLRecovery Certificates, or CallManager Certificates.

Note: After you regenerate certificates, you must perform a system backup so that the latest backup contains the regenerated certificates. If your backup does not contain the regenerated certificates and you perform a system restoration task, you must manually unlock each phone in your system so that the phone can register.

Important: Phones will automatically reset to receive the updated ITL File after the regeneration or renewal of the CallManager, CAPF, and TVS certificates.

Certificate Names and Descriptions

The following table describes the system security certificates that you can regenerate and the related services that must be restarted. For information about regenerating the TFTP certificate, see the Cisco Unified

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs, page 55, Basic System Security: Regenerate a Certificate