McDewey

b. Click Find to find the list of Certificates. The Certificate List window appears. c. Click the ITLRecovery.pem Certificate link from the list of Certificates displayed. d. Click Regenerate, to regenerate the ITLRecovery Certificate. e. In the confirmation message pop-up, click OK. 4. Sign the CTLFile with utils ctl reset localkey in the CallManager Certificate. This also updates the CTLFile with the new ITLRecovery Certificate. 5. Reset in batches all the phones in the cluster to pick up the new CTLFile with new ITLRecovery Certificate. • Make sure all the phones in the cluster are registered. • Regenerating ITLRecovery will affect SAML SSO login of cluster incase system wide certificate is used for enablement. Note 6. Update the CTLFile to have it re-signed by the new ITLRecovery Certificate utils ctl update CTLFile. 7. Reset in batches all phones in the cluster for a second time to pick up the new CTLFile signed by the new ITLRecovery Certificate. 8. Phones are uploaded with the new ITLRecovery Certificate after the reset. Tomcat Certificate Regeneration From Release 14 onwards, if SIP OAuth is enabled, you must manually reset the phones after tomcat restart that are configured to use SIP OAuth. Note To regenerate the Tomcat certificate, perform the following steps: Procedure Step 1 Regenerate the Tomcat certificate. For more information see Administration Guide for Cisco Unified Communications Manager . Step 2 Restart the Tomcat Service. For more information see Administration Guide for Cisco Unified Communications. Step 3 If the cluster is part of an EMCC deployment, repeat the steps for bulk certificate provisioning. For more information see Administration Guide for Cisco Unified Communications Manager . Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 61 Basic System Security Tomcat Certificate Regeneration