Steve B
asked on
Renewed Cisco UCM tomcat and tomcat-trust certificates not being issued
I have successfully generated new certificates for tomcat services and they are installed correctly. They both show the correct new expiration date (10/22/2019) in the certificate list from within Cisco Unified OS Administration. In order to implement them, I used ssh to the console and restarted the tomcat service with "utils service restart Cisco Tomcat"
The problem I am running into is that when starting Cisco Jabber client, it complains about the old certificate being expired (from 12/22/2017). It is not being issued the new certificate that I see is installed within the certificate store in Cisco Unified OS Administration.
Is there anything else I need to do to tell the system to issue the new cert to the clients? The 12/22/2017 cert doesn't exist and has been replaced by regenerating the certificate with the new expiration date of 10/22/2019. I thought restarting tomcat was all I needed to do but I guess not.
The problem I am running into is that when starting Cisco Jabber client, it complains about the old certificate being expired (from 12/22/2017). It is not being issued the new certificate that I see is installed within the certificate store in Cisco Unified OS Administration.
Is there anything else I need to do to tell the system to issue the new cert to the clients? The 12/22/2017 cert doesn't exist and has been replaced by regenerating the certificate with the new expiration date of 10/22/2019. I thought restarting tomcat was all I needed to do but I guess not.
ASKER
That didn't change anything. It ended up being a software bug in Cisco Call Manager. I had to deactivate the tftp server on our call manager appliance and activate it again:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy12120/?reffering_site=dumpcr
In order to resolve this problem go to the CUCM serviceability page and click on Tools – Service Activation – Select your TFTP Servers. Look for the TFTP Service and uncheck the box next to it to deactivate the service. Save the change.
Wait for about 5 minutes and then activate the service again.
I hope this helps someone.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuy12120/?reffering_site=dumpcr
In order to resolve this problem go to the CUCM serviceability page and click on Tools – Service Activation – Select your TFTP Servers. Look for the TFTP Service and uncheck the box next to it to deactivate the service. Save the change.
Wait for about 5 minutes and then activate the service again.
I hope this helps someone.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try hard bouncing Jabber (stop + restart) to maybe clear the problem.