Guest

Preview Tool

Cisco Bug: CSCun33173 - CUP can synch back old self signed certificate from CUCM after reinstall

Last Modified

Feb 04, 2017

Products (2)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 10.0

Known Affected Releases

10.0(1)

Description (partial)

Symptom:
An old self-signed tomcat certificate is listed on the CUCM Instance Messaging and Presence OS Admin UI > Security > Certificate Management page. If deleted, it re-appears when the Cisco Intercluster Sync Agent audit task has executed.

Conditions:
The issue can occur under the following conditions:

The CUCM Instance Messaging and Presence nodes are defined using their ip address on the Cisco Unified Communications Manager Admin UI (CUCM Admin UI > System > Servers)

The self-signed tomcat security certificates are re-generated on any of the CUCM Instance Messaging and Presence subscriber nodes. This can happen either by directly re-generating the tomcat certificate or by re-installing a subscriber node.

The old self-signed tomcat certificate for the CUCM Instance Messaging and Presence node exists on the CUCM node as a tomcat-trust certificate. The old certificate is continually re-synchronised to the CUCM Instance Messaging and Presence nodes by the Cisco Intercluster Sync Agent service.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.