McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 77

↗ View in doc context
page
77
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::66

Procedure Regenerate the TVS certificate. For more information see the Regenerate Certificate, section in the Cisco Unified Communications Manager Security Guide. The CTL file does not include a TVS certificate. So, if the TVS certificate is regenerated, you do not need to update the CTL file. The TVS service is automatically restarted when the TVS certificate is regenerated. Regenerate CallManager Certificate To regenerate a CallManager certificate, follow these steps: If you plan to regenerate multiple certificates you must regenerate the TFTP certificate last. Wait for the possible phone restarts to complete before you regenerate the TFTP certificate. You might need to manually delete the ITL File from all Cisco IP Phones, if you do not follow this procedure. This rule is applicable when the Phone interaction on Certificate Update parameter is automatically reset. Note Procedure Step 1 Regenerate the CallManager certificate. For more information, see Administration Guide for Cisco Unified Communications Manager . Step 2 If the TFTP service was activated, wait until all the phones have automatically restarted. Step 3 If your cluster is in mixed mode, update the CTL file. Step 4 If the cluster is part of an EMCC deployment, repeat the steps for bulk certificate provisioning. For more information, see Administration Guide for Cisco Unified Communications Manager . System Back-Up Procedure After TFTP Certificate Regeneration The trust anchor for the ITL File is a software entity: the TFTP private key. If the server crashes, the key gets lost, and phones will not be able to validate new ITL File. In Unified Communications Manager Release 10.0, the TFTP certificate and private key both get backed up by the Disaster Recovery System. The system encrypts the backup package to keep the private key secret. If the server crashes, the previous certificates and keys will be restored. Whenever the TFTP certificate gets regenerated, you must create a new system backup. For backup procedures, see the Administration Guide for Cisco Unified Communications Manager . Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 59 Basic System Security Regenerate CallManager Certificate