Field Notice: FN - 70511 - Cisco Unified Collaboration Products with VOS (RHEL), Call Home Certificate Will Expire on 2020-02-07 - Workaround Provided

Available Languages

Updated:February 4, 2020

Document ID:FN70511

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	04-Feb-20	Initial Release

Products Affected

Affected OS Type	Affected Software Product	Affected Release	Affected Release Number
NON-IOS	Unified Communications Manager / Cisco Unity Connection Updates	UCM v10	10.0(1)SU1, 10.0(1)SU2, 10.5(1), 10.5(1)SU1, 10.5(1)SU1a, 10.5(2), 10.5(2)SU1, 10.5(2)SU2, 10.5(2)SU2a, 10.5(2)SU3, 10.5(2)SU3a, 10.5(2)SU4, 10.5(2)SU4a, 10.5(2)SU5, 10.5(2)SU6, 10.5(2)SU6a, 10.5(2)SU7, 10.5(2)SU8, 10.5(2)SU9
NON-IOS	Unified Communications Manager / Cisco Unity Connection Updates	UCM v11	11.0(1), 11.0(1a), 11.0(1a)SU1, 11.0(1a)SU2, 11.0(1a)SU3, 11.0(1a)SU3a, 11.0(1a)SU4
NON-IOS	Unified Communications Manager / Cisco Unity Connection Updates	UCM	11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU3b, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU7 EFT, 11.5(2), 12.0(1), 12.0(2), 12.5(1)
NON-IOS	Unified Communications Manager Updates	UCM	12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.5(1), 12.5(1)SU1, 12.5(1)SU1 EFT100, 12.5(1)SU1 EFT114, 12.5(1)SU1 EFT128, 12.5(1)SU1 EFT66, 12.5(1)SU1 EFT85, 12.5(1)SU2, 12.5(1)SU2 EFT111, 12.5(1)SU2 EFT113, 12.5(1)SU2 EFT47, 12.5(1)SU2 EFT87, 12.5(1)SU2-5 EFT
NON-IOS	Unity Connection Updates	12.0	12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3
NON-IOS	Unity Connection Updates	12.5	12.5(1), 12.5(1)SU1, 12.5(1)SU2
NON-IOS	Unified Presence Server (CUP) Updates	10.0	10.0(1), 10.0(1)SU1, 10.0(1)SU2
NON-IOS	Unified Presence Server (CUP) Updates	10.5(1)	10.5(1), 10.5(1)SU1, 10.5(1)SU2, 10.5(1)SU3
NON-IOS	Unified Presence Server (CUP) Updates	11.0	11.0(1)SU1
NON-IOS	Unified Presence Server (CUP) Updates	11.5(1)	11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7
NON-IOS	Unified Presence Server (CUP) Updates	12.5(1)	12.5(1), 12.5(1)SU1, 12.5(1)SU2
NON-IOS	Prime License Manager Software Updates	10.0	10.0(1)
NON-IOS	Prime License Manager Software Updates	10.5	10.5(1), 10.5(2), 10.5(2)su1, 10.5(2)su1a, 10.5(2)su8, 10.5(2)su9
NON-IOS	Prime License Manager Software Updates	11.0(1)	11.0(1)
NON-IOS	Prime License Manager Software Updates	11.5	11.5(1), 11.5(1)SU1, 11.5(1)SU1a, 11.5(1)SU2, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7
NON-IOS	Unified Contact Center Express Software	Unified CCX 10	10.0(1)SU1, 10.5(1), 10.5(1)SU1, 10.6(1), 10.6(1)SU1, 10.6(1)SU3
NON-IOS	Unified Contact Center Express Software	Unified CCX 11	11.0(1)SU1, 11.5(1)SU1, 11.6(1), 11.6(2)
NON-IOS	Unified Contact Center Express Software	Unified CCX 12	12.0(1)
NON-IOS	Unified Intelligence Center Software	CUIC Version 10.0	10.0(1)
NON-IOS	Unified Intelligence Center Software	CUIC Version 10.5	10.5(1)
NON-IOS	Unified Intelligence Center Software	CUIC Version 11.0	11.0(1), 11.0(2)
NON-IOS	Unified Intelligence Center Software	CUIC VERSION 11.5	11.5(1)
NON-IOS	Unified Intelligence Center Software	CUIC VERSION 12.0	12.0(1)
NON-IOS	SocialMIner Software	10	10.0(1), 10.5(1), 10.6(1), 10.6(2)
NON-IOS	SocialMIner Software	11	11.0(1), 11.5(1), 11.5(1)SU1, 11.6(1), 11.6(2)
NON-IOS	SocialMIner Software	12	12.0(1)
NON-IOS	MediaSense Software	10	10.0(1), 10.5(1), 10.5(1)_SU1, 10.5(1)_SU2
NON-IOS	MediaSense Software	11	11.0(1), 11.0(1)_SU1, 11.5(1), 11.5(1)_SU1, 11.5(1)_SU2
NON-IOS	Finesse Software	10	10.0(1), 10.0(1)SU1, 10.0(1)SU1ES2, 10.5(1), 10.5(1)ES1, 10.5(1)ES10, 10.5(1)ES2, 10.5(1)ES3, 10.5(1)ES4, 10.5(1)ES5, 10.5(1)ES6, 10.5(1)ES7, 10.5(1)ES8, 10.5(1)ES9
NON-IOS	Finesse Software	11	11.0(1), 11.0(1)ES1, 11.0(1)ES2, 11.0(1)ES3, 11.0(1)ES4, 11.0(1)ES5, 11.0(1)ES6, 11.0(1)ES7, 11.0(1)ES_Rollback, 11.5(1), 11.5(1)ES1, 11.5(1)ES2, 11.5(1)ES3, 11.5(1)ES4, 11.5(1)ES5, 11.5(1)ES6, 11.6(1), 11.6(1)ES1, 11.6(1)ES2, 11.6(1)ES3, 11.6(1)ES4, 11.6(1)ES5, 11.6(1)ES6, 11.6(1)ES7, 11.6(1)ES8, 11.6(1)ES9
NON-IOS	Finesse Software	12	12.0(1), 12.0(1)ES1, 12.0(1)ES2
NON-IOS	Cisco Virtualized Voice Browser Software Releases	VVB 11	11.0(1), 11.5(1), 11.5(1)_ES27, 11.5(1)_ES29, 11.5(1)_ES32, 11.5(1)_ES36, 11.5(1)_ES43, 11.5(1)_ES53, 11.5(1)_ES54, 11.5(1)ES27, 11.5(1)ES29, 11.5(1)ES32, 11.5(1)ES36, 11.5(1)ES43, 11.6(1), 11.6(1)_ES22, 11.6(1)_ES80, 11.6(1)_ES81, 11.6(1)_ES82, 11.6(1)_ES83, 11.6(1)_ES84, 11.6(1)_ES85, Struts2_3_32Patch
NON-IOS	Cisco Virtualized Voice Browser Software Releases	VVB 12	12.0(1), 12.0(1)_ES01, 12.0(1)_ES02, 12.0(1)_ES03, 12.0(1)_ES04, 12.5(1)
NON-IOS	Prime License Manager Software Updates	10.0	10.0(1)
NON-IOS	Prime License Manager Software Updates	10.5	10.5(1), 10.5(2), 10.5(2)su1, 10.5(2)su1a, 10.5(2)su8, 10.5(2)su9
NON-IOS	Prime License Manager Software Updates	11.0(1)	11.0(1)
NON-IOS	Prime License Manager Software Updates	11.5	11.5(1), 11.5(1)SU1, 11.5(1)SU1a, 11.5(1)SU2, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7

Defect Information

Defect ID	Headline
CSCvs64158	Call Home Certificate Expires Feb 7 2020 for VOS Products

Problem Description

The Call Home Certificate that is included by default in many of the Cisco Unified Collaboration products expires on 2020-02-07.

Background

Cisco customers reported that they had received alerts about a certificate that was about to expire. Upon investigation, Cisco discovered that the Call Home Certificate included by default in the ISO image file has not been updated and expires in February 2020.

Problem Symptom

In the CiscoSyslog file, you may see a message similar to this one:

Jan 20 16:00:01 hostname local7 4 : 528: hostname: Jan 21 2020 12:00:01 AM.212 UTC : %UC_CERT-4-CertValidLessThanMonth: %[Message=Certificate expiration Notification. Certificate name:VeriSign_Class_3_Secure_Server_CA_-_G3.der Unit:tomcat-trust Type:own-cert ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=hostname]: Alarm that indicates Certificate Expire in 30 days or lesser

Workaround/Solution

Workarounds:

For Prime License Manager 10.5

To delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system, apply this COP file: ciscocm.plm-CSCvs64158_remove_sch_cert_C0050-1.k3.cop.sgn

Note: Please review the Readme file for installation instructions.

PLM 10.5

For Prime License Manager 11.5

To delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system, apply this COP file: ciscocm.plm-CSCvs64158_remove_sch_cert_C0050-1.k3.cop.sgn

Note: Please review the Readme file for installation instructions.

PLM 11.5

For Collaboration Products with version 11.0(1) and later

Perform these steps to delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system:

Browse to the Cisco Unified OS Administration GUI (if it is a multi-node cluster, use the Publisher) and choose Security > Certificate Management.
In the Certificate List, find the certificate where Common Name contains VeriSign.
Click VeriSign_Class_3_Secure_Server_CA_-_G3.

The Certificate Details window appears.
In the Certificate Details window, click the Delete button.

A warning message appears.
On the warning message, click OK.

The certificate is deleted from all nodes in the cluster.

For all other versions

Perform these steps to delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system:

Note: Steps 1 through 3 are preparation steps that you must perform before you delete the certificate in step 4.

Choose Cisco Unified Serviceability > Tools > Control Center - Network Services.
Stop Cisco Certificate Change Notification on all nodes in the cluster.
For IM and Presence Server(s): Stop the Platform Administration Web Service and Cisco Intercluster Sync Agent.
Delete the certificate on all the nodes, including IM and Presence. Follow the instructions in the Workaround "For Collaboration Products with version 11.0(1) and later" which appears elsewhere in this document.
Start the services which were stopped in Step 2 and Step 3.

Smart Call Home Certificate Renewal Procedure

If Smart Call Home is disabled, no further action is required after the certificate has been deleted.
If Smart Call Home is enabled, follow these steps after the certificate has been deleted:

Copy the certificate content from UCM Administration Guide Section "Information for Smart Call Home Certificates."

Note: The same certificate is valid for CUCM 10.5 and later versions.
Upload the PEM file as tomcat-trust in Cisco Unified OS Administration GUI Certificate Management Page as shown in this screenshot:
Find the certificate where Common Name contains QuoVadis and verify that QuoVadis_Root_CA_2 is listed as tomcat-trust.

Solution:

There is no solution available at this time.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)