Cisco Bug: CSCun33173 - CUP can synch back old self signed certificate from CUCM after reinstall
Feb 04, 2017
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager IM and Presence Service Version 10.0
Known Affected Releases
Symptom: An old self-signed tomcat certificate is listed on the CUCM Instance Messaging and Presence OS Admin UI > Security > Certificate Management page. If deleted, it re-appears when the Cisco Intercluster Sync Agent audit task has executed. Conditions: The issue can occur under the following conditions: The CUCM Instance Messaging and Presence nodes are defined using their ip address on the Cisco Unified Communications Manager Admin UI (CUCM Admin UI > System > Servers) The self-signed tomcat security certificates are re-generated on any of the CUCM Instance Messaging and Presence subscriber nodes. This can happen either by directly re-generating the tomcat certificate or by re-installing a subscriber node. The old self-signed tomcat certificate for the CUCM Instance Messaging and Presence node exists on the CUCM node as a tomcat-trust certificate. The old certificate is continually re-synchronised to the CUCM Instance Messaging and Presence nodes by the Cisco Intercluster Sync Agent service.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases