McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 82

↗ View in doc context
page
82
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::72

Certificate Monitoring and Revocation This section allows you to monitor certificates that have to be renewed and revoke certificates which are expired. Certificate Monitoring Overview Administrators must be able to track and renew certificates when services from Unified Communications Manager and IM and Presence Service contain automated systems. Certificate Monitoring helps administrators know the certificate status on an ongoing basis and generate an email alerting you when a certificate is approaching expiration. Certificate Monitoring Configuration The Cisco Certificate Expiry Monitor network service must be running. By default, this service is enabled, but you can confirm if the service is running in Cisco Unified Serviceability application by choosing Tools > Control Center - Network Services and verifying that the Cisco Certificate Expiry Monitor Service status is Running. Procedure Step 1 From the Cisco Unified OS Administration, Choose Security > Certificate Monitor Step 2 Enter or choose the configuration details. Step 3 Click Save to save the configuration. Note By default, the certificate monitor service runs once every 24 hours. When you restart the certificate monitor service, it starts the service and then calculates the next schedule to run only after 24 hours. The interval doesn't change even when the certificate is close to the expiry date of seven days. It runs every one hour when the certificate either has expired or is going to expire in one day. Certificate Revocation Overview This section allows you to understand certificate revocation. Cisco UCM provisions the Online Certificate Status Protocol (OCSP) for monitoring certificate revocation. Every time there's a certificate uploaded and at scheduled timelines, system checks for its status to confirm validity. For FIPS deployments with Common Criteria mode enabled, OCSP helps your system comply with Common Criteria requirements. Certificate Revocation Configuration Unified Communications Manager checks the status of the certificate and confirms validity. The certificate validation procedure is as follows: Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 64 Basic System Security Certificate Monitoring and Revocation