12-14-2014 07:19 PM - edited 03-17-2019 01:19 AM
Hi Sir / Mdm.
Good Day, i received the alert message. i had checked the CAPF cert still valid till 2017.
<WARNING> This message is sent automatically and the identity of the sender can not be technically verified </WARNING>
At Mon Dec 08 08:00:36 SGT 2014 on node 17x.1x.7x.2x, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Critical
MatchedEvent : Dec 8 08:00:06 XXXXX local7 2 : 34: XXXXX: Dec 08 2014 00:00:06.412 UTC : %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:CAPF-9c7ac210.der Unit:CallManager-trust Type:own-cert Expiration:Mon Dec 1][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=XXXXX]: Alarm to indicate that Certificate has Expired or Expires in less than seven days
AppID : Cisco Syslog Agent
ClusterID :
NodeID : XXXXX
TimeStamp : Mon Dec 08 08:00:06 SGT 2014
Thanks for help.
12-14-2014 10:08 PM
Anyone can helping on this issue? I also facing the same issue. Appreciate that.
In fact I found something related but unfortunately the link seems no longer available in Cisco.com.
https://supportforums.cisco.com/discussion/11715056/rtmt-alert-syslogseveritymatchfound
12-15-2014 10:37 AM
CAPF is the component that is used to put your cluster in mixed mode. Mixed mode is when calls between endpoints uses SRTP and the signaling is encrypted using TLS. Do you know if your cluster is in mixed mode? This can be found from the Enterprise parameters.
12-15-2014 04:37 PM
Thanks George for your expertise advice.
I do not think my client running any SRTP in the environment. By the way, for my learning purpose, to check whether I am in the mixed mode we just go to the Enterprise Parameter > LBM Security Mode ?
12-15-2014 04:40 PM
Thats not the parameter, its 'Cluster Security Mode ' and if the value is 0, then the cluster is not mixed mode but if its 1, then the cluster is in mixed mode.
12-15-2014 08:01 PM
Hi George ,
Good Day, Thanks for the advice.
12-15-2014 04:48 PM
when you look at the crt's PEM through OS administration>security>certificate management, does it actually say that the cert is valid until 2017?
If it is, remove it, upload it again and restart CAPF and CTL service.
If it isn't, well, then replace the cert and restart CAPF and CTL services
12-15-2014 08:02 PM
Hi Dennis.
Good Day, Thanks for your advise.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide