[cisco-voip] CUCM 712a certificate
Jason Burns
burns.jason at gmail.com
Wed Feb 24 09:53:24 EST 2010
It is not possible to upload your own certificates to an IP Phone, the
process is slightly less straight forward than just generating your own
certs and putting them on the phones.
The LSCs are signed by the CAPF certificate. The CAPF certificate is a self
signed certificate by default. You can generate a CSR for the CAPF
certificate and then have your CAPF certificate signed by an external CA.
In this instance the CTL file would be updated to contain the newly added
externally signed CAPF certificate. Your LSCs would be in turn signed by
this CAPF certificate.
The CTL file has a limit of 32KB, so it's important to note that you may
want to limit the number of externally signed certificates that you put into
the CTL file. This limitation is removed in CUCM 8.X with the introduction
of TVS, or external certificate verification.
The LSCs are still generated on CUCM by the CAPF service.
Hopefully this information answers your question.
-Jason
On Tue, Feb 23, 2010 at 11:42 PM, Rhodium <rhodium_uk at yahoo.co.uk> wrote:
> This is the specific section:
>
>
> http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223
>
> J
>
> --- On Wed, 2/24/10, cisco.voip <cisco.voip at verizon.net> wrote:
>
> > From: cisco.voip <cisco.voip at verizon.net>
> > Subject: [cisco-voip] CUCM 712a certificate
> > To: cisco-voip at puck.nether.net
> > Date: Wednesday, February 24, 2010, 4:29 AM
> > Hello,
> > I have read CUCM sec guide, however, I do not see how to
> > get my own certificates on the phones.
> > Not self generated by the CCM? Does anyone
> > have a link on or know how to do this?
> >
> > Tx
> >
> > _______________________________________________
> > cisco-voip mailing list
> > cisco-voip at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-voip
> >
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100224/570f954e/attachment.html>
More information about the cisco-voip
mailing list