[cisco-voip] CUCM 10.5 Mixed Mode change from Hardware Tokens to tokenless CTL

Brian Meade bmeade90 at vt.edu
Tue Jan 9 11:52:09 EST 2018


Do the phones still have CTLs on them?

Phones that support Security By Default will be okay as they can trust
new certificates using the ITL/TVS.  For the old 7940/60s and things like
IP Communicator that don't support CTL, you're probably stuck bulk deleting
CTLs.  UnifiedFX may be able to help here.

You can try adding new certs to the CTL and use the old tokens but I'm not
sure the CTL client will be okay with the expired certificates.  Usually
the phones won't check certificate validity dates.

I'd first try running the CTL Client and import all the CallManager.pem
certificates and see if it lets you update the CTL.  If so, you should be
able to convert to tokenless fine.

On Tue, Jan 9, 2018 at 11:24 AM, Reto Gassmann <voip at mrga.ch> wrote:

> Hello Group
>
> We run a CUCM cluster 10.5 in Mixed Mode. The IP Phones (mainly 7960 and
> 7961) are authenticated with LCS.  A long time ago the cluster was set to
> Mixed Mode with two Hardware tokens. The tokens (Certificates on the
> tokens) expired last September.
> Now we want to change to tokenless CTL. I found a Cisco Document (118893)
> that describes the steps needed to make that change. However there are some
> notes about Problems with TVS and Security by Default with 7960.
>
> Can anyone help / Any ideas???
>
> Thank you
> Reto