The CiscoCertUtil tool is a utility that helps you manage certificates on any Contact Center Enterprise machine for machine-to-machine secure communication across components. Some of the functions of the CiscoCertUtil tool are:
It generates certificate signing requests (CSR) that can be submitted to a certificate authority (CA) for obtaining CA-signed certificates. A CSR is a message sent from an applicant to a CA in order to apply for a digital identity certificate. It usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and integrity protection (such as a digital signature).
It generates self-signed certificates in the PFX format, which is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX is an acronym for Personal Information Exchange. PFX files are typically used on Windows machines to import and export certificates and private keys.
It creates a log file pertaining to the operations that it performs for troubleshooting. The log file is located in the \icm\bin\CiscoCertUtil.log folder. The log file contains information such as the date and time of the operation, the command executed, the parameters used, the status of the operation, and any error messages.
It validates any certificate that is installed on the machine. It checks the validity period, the signature, the trust chain, and the revocation status of the certificate. It also displays the certificate details such as the subject, the issuer, the serial number, the thumbprint, and the public key.
References:
Security Guide for Cisco Unified ICM/Contact Center Enterprise, Release 12.6(1) - Certificate Management for Secured Connections
Security Guide for Cisco Unified ICM/Contact Center Enterprise, Release 12.5 (1) and 12.5 (2) - Certificate Management for Secured Connections
Security Guide for Cisco Unified ICM/Contact Center Enterprise, Release 12.0(1) - Certificate Management for Secured Connections
