THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Revision | Publish Date | Comments |
---|---|---|
1.0 |
04-Feb-20 |
Initial Release |
Affected OS Type | Affected Software Product | Affected Release | Affected Release Number | Comments |
---|---|---|---|---|
NON-IOS |
Unified Communications Manager / Cisco Unity Connection Updates |
UCM v10 |
10.0(1)SU1, 10.0(1)SU2, 10.5(1), 10.5(1)SU1, 10.5(1)SU1a, 10.5(2), 10.5(2)SU1, 10.5(2)SU2, 10.5(2)SU2a, 10.5(2)SU3, 10.5(2)SU3a, 10.5(2)SU4, 10.5(2)SU4a, 10.5(2)SU5, 10.5(2)SU6, 10.5(2)SU6a, 10.5(2)SU7, 10.5(2)SU8, 10.5(2)SU9 |
|
NON-IOS |
Unified Communications Manager / Cisco Unity Connection Updates |
UCM v11 |
11.0(1), 11.0(1a), 11.0(1a)SU1, 11.0(1a)SU2, 11.0(1a)SU3, 11.0(1a)SU3a, 11.0(1a)SU4 |
|
NON-IOS |
Unified Communications Manager / Cisco Unity Connection Updates |
UCM |
11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU3b, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU7 EFT, 11.5(2), 12.0(1), 12.0(2), 12.5(1) |
|
NON-IOS |
Unified Communications Manager Updates |
UCM |
12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.5(1), 12.5(1)SU1, 12.5(1)SU1 EFT100, 12.5(1)SU1 EFT114, 12.5(1)SU1 EFT128, 12.5(1)SU1 EFT66, 12.5(1)SU1 EFT85, 12.5(1)SU2, 12.5(1)SU2 EFT111, 12.5(1)SU2 EFT113, 12.5(1)SU2 EFT47, 12.5(1)SU2 EFT87, 12.5(1)SU2-5 EFT |
|
NON-IOS |
Unity Connection Updates |
12.0 |
12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3 |
|
NON-IOS |
Unity Connection Updates |
12.5 |
12.5(1), 12.5(1)SU1, 12.5(1)SU2 |
|
NON-IOS |
Unified Presence Server (CUP) Updates |
10.0 |
10.0(1), 10.0(1)SU1, 10.0(1)SU2 |
|
NON-IOS |
Unified Presence Server (CUP) Updates |
10.5(1) |
10.5(1), 10.5(1)SU1, 10.5(1)SU2, 10.5(1)SU3 |
|
NON-IOS |
Unified Presence Server (CUP) Updates |
11.0 |
11.0(1)SU1 |
|
NON-IOS |
Unified Presence Server (CUP) Updates |
11.5(1) |
11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7 |
|
NON-IOS |
Unified Presence Server (CUP) Updates |
12.5(1) |
12.5(1), 12.5(1)SU1, 12.5(1)SU2 |
|
NON-IOS |
Prime License Manager Software Updates |
10.0 |
10.0(1) |
|
NON-IOS |
Prime License Manager Software Updates |
10.5 |
10.5(1), 10.5(2), 10.5(2)su1, 10.5(2)su1a, 10.5(2)su8, 10.5(2)su9 |
|
NON-IOS |
Prime License Manager Software Updates |
11.0(1) |
11.0(1) |
|
NON-IOS |
Prime License Manager Software Updates |
11.5 |
11.5(1), 11.5(1)SU1, 11.5(1)SU1a, 11.5(1)SU2, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7 |
|
NON-IOS |
Unified Contact Center Express Software |
Unified CCX 10 |
10.0(1)SU1, 10.5(1), 10.5(1)SU1, 10.6(1), 10.6(1)SU1, 10.6(1)SU3 |
|
NON-IOS |
Unified Contact Center Express Software |
Unified CCX 11 |
11.0(1)SU1, 11.5(1)SU1, 11.6(1), 11.6(2) |
|
NON-IOS |
Unified Contact Center Express Software |
Unified CCX 12 |
12.0(1) |
|
NON-IOS |
Unified Intelligence Center Software |
CUIC Version 10.0 |
10.0(1) |
|
NON-IOS |
Unified Intelligence Center Software |
CUIC Version 10.5 |
10.5(1) |
|
NON-IOS |
Unified Intelligence Center Software |
CUIC Version 11.0 |
11.0(1), 11.0(2) |
|
NON-IOS |
Unified Intelligence Center Software |
CUIC VERSION 11.5 |
11.5(1) |
|
NON-IOS |
Unified Intelligence Center Software |
CUIC VERSION 12.0 |
12.0(1) |
|
NON-IOS |
SocialMIner Software |
10 |
10.0(1), 10.5(1), 10.6(1), 10.6(2) |
|
NON-IOS |
SocialMIner Software |
11 |
11.0(1), 11.5(1), 11.5(1)SU1, 11.6(1), 11.6(2) |
|
NON-IOS |
SocialMIner Software |
12 |
12.0(1) |
|
NON-IOS |
MediaSense Software |
10 |
10.0(1), 10.5(1), 10.5(1)_SU1, 10.5(1)_SU2 |
|
NON-IOS |
MediaSense Software |
11 |
11.0(1), 11.0(1)_SU1, 11.5(1), 11.5(1)_SU1, 11.5(1)_SU2 |
|
NON-IOS |
Finesse Software |
10 |
10.0(1), 10.0(1)SU1, 10.0(1)SU1ES2, 10.5(1), 10.5(1)ES1, 10.5(1)ES10, 10.5(1)ES2, 10.5(1)ES3, 10.5(1)ES4, 10.5(1)ES5, 10.5(1)ES6, 10.5(1)ES7, 10.5(1)ES8, 10.5(1)ES9 |
|
NON-IOS |
Finesse Software |
11 |
11.0(1), 11.0(1)ES1, 11.0(1)ES2, 11.0(1)ES3, 11.0(1)ES4, 11.0(1)ES5, 11.0(1)ES6, 11.0(1)ES7, 11.0(1)ES_Rollback, 11.5(1), 11.5(1)ES1, 11.5(1)ES2, 11.5(1)ES3, 11.5(1)ES4, 11.5(1)ES5, 11.5(1)ES6, 11.6(1), 11.6(1)ES1, 11.6(1)ES2, 11.6(1)ES3, 11.6(1)ES4, 11.6(1)ES5, 11.6(1)ES6, 11.6(1)ES7, 11.6(1)ES8, 11.6(1)ES9 |
|
NON-IOS |
Finesse Software |
12 |
12.0(1), 12.0(1)ES1, 12.0(1)ES2 |
|
NON-IOS |
Cisco Virtualized Voice Browser Software Releases |
VVB 11 |
11.0(1), 11.5(1), 11.5(1)_ES27, 11.5(1)_ES29, 11.5(1)_ES32, 11.5(1)_ES36, 11.5(1)_ES43, 11.5(1)_ES53, 11.5(1)_ES54, 11.5(1)ES27, 11.5(1)ES29, 11.5(1)ES32, 11.5(1)ES36, 11.5(1)ES43, 11.6(1), 11.6(1)_ES22, 11.6(1)_ES80, 11.6(1)_ES81, 11.6(1)_ES82, 11.6(1)_ES83, 11.6(1)_ES84, 11.6(1)_ES85, Struts2_3_32Patch |
|
NON-IOS |
Cisco Virtualized Voice Browser Software Releases |
VVB 12 |
12.0(1), 12.0(1)_ES01, 12.0(1)_ES02, 12.0(1)_ES03, 12.0(1)_ES04, 12.5(1) |
|
NON-IOS |
Prime License Manager Software Updates |
10.0 |
10.0(1) |
|
NON-IOS |
Prime License Manager Software Updates |
10.5 |
10.5(1), 10.5(2), 10.5(2)su1, 10.5(2)su1a, 10.5(2)su8, 10.5(2)su9 |
|
NON-IOS |
Prime License Manager Software Updates |
11.0(1) |
11.0(1) |
|
NON-IOS |
Prime License Manager Software Updates |
11.5 |
11.5(1), 11.5(1)SU1, 11.5(1)SU1a, 11.5(1)SU2, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7 |
Defect ID | Headline |
---|---|
CSCvs64158 | Call Home Certificate Expires Feb 7 2020 for VOS Products |
The Call Home Certificate that is included by default in many of the Cisco Unified Collaboration products expires on 2020-02-07.
Cisco customers reported that they had received alerts about a certificate that was about to expire. Upon investigation, Cisco discovered that the Call Home Certificate included by default in the ISO image file has not been updated and expires in February 2020.
In the CiscoSyslog file, you may see a message similar to this one:
Jan 20 16:00:01 hostname local7 4 : 528: hostname: Jan 21 2020 12:00:01 AM.212 UTC : %UC_CERT-4-CertValidLessThanMonth: %[Message=Certificate expiration Notification. Certificate name:VeriSign_Class_3_Secure_Server_CA_-_G3.der Unit:tomcat-trust Type:own-cert ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=hostname]: Alarm that indicates Certificate Expire in 30 days or lesser
Workarounds:
For Prime License Manager 10.5
To delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system, apply this COP file: ciscocm.plm-CSCvs64158_remove_sch_cert_C0050-1.k3.cop.sgn
Note: Please review the Readme file for installation instructions.
For Prime License Manager 11.5
To delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system, apply this COP file: ciscocm.plm-CSCvs64158_remove_sch_cert_C0050-1.k3.cop.sgn
Note: Please review the Readme file for installation instructions.
For Collaboration Products with version 11.0(1) and later
Perform these steps to delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system:
Browse to the Cisco Unified OS Administration GUI (if it is a multi-node cluster, use the Publisher) and choose Security > Certificate Management.
In the Certificate List, find the certificate where Common Name contains VeriSign.
Click VeriSign_Class_3_Secure_Server_CA_-_G3.
The Certificate Details window appears.
In the Certificate Details window, click the Delete button.
A warning message appears.
On the warning message, click OK.
The certificate is deleted from all nodes in the cluster.
For all other versions
Perform these steps to delete the expired certificate (VeriSign_Class_3_Secure_Server_CA_-_G3) from the system:
Note: Steps 1 through 3 are preparation steps that you must perform before you delete the certificate in step 4.
Choose Cisco Unified Serviceability > Tools > Control Center - Network Services.
Stop Cisco Certificate Change Notification on all nodes in the cluster.
For IM and Presence Server(s): Stop the Platform Administration Web Service and Cisco Intercluster Sync Agent.
Delete the certificate on all the nodes, including IM and Presence. Follow the instructions in the Workaround "For Collaboration Products with version 11.0(1) and later" which appears elsewhere in this document.
Start the services which were stopped in Step 2 and Step 3.
Smart Call Home Certificate Renewal Procedure
If Smart Call Home is disabled, no further action is required after the certificate has been deleted.
If Smart Call Home is enabled, follow these steps after the certificate has been deleted:
Copy the certificate content from UCM Administration Guide Section "Information for Smart Call Home Certificates."
Note: The same certificate is valid for CUCM 10.5 and later versions.
Upload the PEM file as tomcat-trust in Cisco Unified OS Administration GUI Certificate Management Page as shown in this screenshot:
Find the certificate where Common Name contains QuoVadis and verify that QuoVadis_Root_CA_2 is listed as tomcat-trust.
Solution:
There is no solution available at this time.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.
Unleash the Power of TAC's Virtual Assistance