CUCM Bulk Certificate Import Error – Bug CSCuy43181
In our last post we discussed about “Migrating ITL files between CUCM Clusters (article link shared below). You may encounter an error while importing the consolidated certificate “com.cisco.cpi.certMgmt.CertMgrException: java.io.IOException: Error decoding PKCS 12 input” which is a bug “CSCuy43181” and the steps to import the certificate may change.
If you encounter such error, kindly follow the below steps.
- Login to New Cisco Unified Communications Manager (All Servers running TFTP Services) > OS Administration
- Go to Security > Certificate Management > Click on Find
- Click on Call Manager Certificate > Download CallManager.pem in your Desktop (Repeat the same steps if you have another TFTP Servers in New Cluster)
- Login to Legacy Cisco Unified Communications Manager > OS Administration
- Go to Security > Certificate Management > Click on Upload Certificate/Certificate Chain
- Certificate Purpose > Select CallManager-Trust from drop down menu
- Upload File > Click on Choose File and select the callmanager.pem file
- Click on Upload
- Certificate Purpose > Select Phone-SAST-trust from drop down menu
- Upload File > Click on Choose File and select the callmanager.pem file
- Click on Upload
- Login to Legacy Cluster Cisco Unified Communication Manager > Serviceability
- Go to Tools > Control Center – Network Services >
- Radio Check > Cisco Trust Verification Service
- Click on Restart
- Now change the DHCP option 150 to point the phones to the new destination cluster
- Reset the IP Phones from Legacy Cisco Unified Communication Manager and the IP Phones should start registering to the New Cluster if the certificate import process has worked correctly
You may also refer to – Migrating ITL Files between CUCM Clusters article –
https://www.uccollabing.com/2016/08/23/migrating-itl-files-between-cucm-clusters/
Hope this helps!
I am working in an IT company and having 10+ years of experience into Cisco IP Telephony and Contact Center. I have worked on products like CUCM, CUC, UCCX, CME/CUE, IM&P, Voice Gateways, VG224, Gatekeepers, Attendant Console, Expressway, Mediasense, Asterisk, Microsoft Teams, Zoom etc. I am not an expert but i keep exploring whenever and wherever i can and share whatever i know. You can visit my LinkedIn profile by clicking on the icon below.
“Everyone you will ever meet knows something you don’t.” ― Bill Nye
Thanks – solved my issue.
I appreciate you taking the time to blog about this 🙂
Hi,
You might as well mention another bug that is reported on CM 9.0.1 wit the certificate export and consolidation to CM 10.x or 11.x. The bug ID is CSCua20054, this is mentioned in release notes however, everyone may not have sufficient access to view the details. Procedure mentioned above stands good to overcome error, “sftp operation failure” when trying to upload consolidate certificates on source cluster