CUCM Bulk Certificate Import Error – Bug CSCuy43181

CUCM Bulk Certificate Import Error – Bug CSCuy43181

In our last post we discussed about “Migrating ITL files between CUCM Clusters (article link shared below). You may encounter an error while importing the consolidated certificate “com.cisco.cpi.certMgmt.CertMgrException: java.io.IOException: Error decoding PKCS 12 input” which is a bug “CSCuy43181” and the steps to import the certificate may change.

uccollabing.com

If you encounter such error, kindly follow the below steps.

  • Login to New Cisco Unified Communications Manager (All Servers running TFTP Services) > OS Administration
  • Go to Security > Certificate Management > Click on Find
  • Click on Call Manager Certificate > Download CallManager.pem in your Desktop (Repeat the same steps if you have another TFTP Servers in New Cluster)
  • Login to  Legacy Cisco Unified Communications Manager > OS Administration
  • Go to Security > Certificate Management > Click on Upload Certificate/Certificate Chain
    • Certificate Purpose > Select CallManager-Trust from drop down menu
    • Upload File > Click on Choose File and select the callmanager.pem file
    • Click on Upload
    • Certificate Purpose > Select Phone-SAST-trust from drop down menu
    • Upload File > Click on Choose File and select the callmanager.pem file
    • Click on Upload
  • Login to Legacy Cluster Cisco Unified Communication Manager > Serviceability
    • Go to Tools > Control Center – Network Services >
    • Radio Check > Cisco Trust Verification Service
    • Click on Restart
  • Now change the DHCP option 150 to point the phones to the new destination cluster
  • Reset the IP Phones from Legacy Cisco Unified Communication Manager and the IP Phones should start registering to the New Cluster if the certificate import process has worked correctly

uccollabing.com

uccollabing.com

You may also refer to – Migrating ITL Files between CUCM Clusters article –
https://www.uccollabing.com/2016/08/23/migrating-itl-files-between-cucm-clusters/

Hope this helps!

You may also like...

2 Responses

  1. James Hawkins says:

    Thanks – solved my issue.
    I appreciate you taking the time to blog about this 🙂

  2. Sami says:

    Hi,
    You might as well mention another bug that is reported on CM 9.0.1 wit the certificate export and consolidation to CM 10.x or 11.x. The bug ID is CSCua20054, this is mentioned in release notes however, everyone may not have sufficient access to view the details. Procedure mentioned above stands good to overcome error, “sftp operation failure” when trying to upload consolidate certificates on source cluster

Leave a Reply

Your email address will not be published. Required fields are marked *