McDewey

• A new enterprise parameter Phone Interaction on Certificate Update under section Security Parameter is introduced to reset phones either manually or automatically as applicable when one of the TVS, CAPF, or TFTP certificates are updated. This parameter is by default set to reset the phones automatically. • After regeneration, deletion, and updating of certificates, ensure you restart the appropriate services mentioned in the column "Services to be Restarted". • There is no specific restart needed for TVS, CAPF, and ITLRecovery services whenever a certificate is regenerated. Note This note is applicable from Release 14SU2 onwards. We do not support uploading of Multi-SAN certificates via the CLI. These certificates must always be uploaded via the OS Admin GUI. Important Regenerate CAPF Certificate To regenerate the CAPF certificate, perform the following steps: If the CAPF certificate is on the publisher, you might observe the phones restarting automatically to update their ITL file. This behavior is applicable when the Phone interaction on Certificate Update parameter is automatically reset. Note Procedure Step 1 Regenerate the CAPF certificate. Step 2 If you have a CTL file, then you must update the CTL file. For more information, see Regenerate a Certificate, on page 55. Step 3 CAPF service is automatically restarted when the CAPF certificate is regenerated. See the “Activating the Certificate Authority Proxy Function Service” section, in the Cisco Unified Communications Manager Security Guide. Regenerate TVS Certificate If you plan to regenerate both TVS and TFTP certificates, regenerate the TVS certificate, wait for the possible phone restarts to complete, and then regenerate the TFTP certificate. This is applicable when the Phone interaction on Certificate Update parameter is automatically reset. Note Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 58 Basic System Security Regenerate CAPF Certificate