[cisco-voip] CUCM 10.5 Mixed Mode change from Hardware Tokens to tokenless CTL

Reto Gassmann voip at mrga.ch
Tue Jan 9 16:30:46 EST 2018


Hello Brian

Thanks for your feedback. All the phones are authenticated and have an LCS
installed. There is also a CTL on every phone.

Would it help to delete the LCS certificates and change the phone security
profile to non secure? I was also thinking about setting the cluster back to
non secure (from Mixed Mode now). However I am sure if that helps.

Thanks and regards
Reto

Brian Meade <bmeade90 at vt.edu> schrieb am Di. 9. Jan. 2018 um 17:52:

> Do the phones still have CTLs on them?
>
> Phones that support Security By Default will be okay as they can trust
> new certificates using the ITL/TVS.  For the old 7940/60s and things like
> IP Communicator that don't support CTL, you're probably stuck bulk deleting
> CTLs.  UnifiedFX may be able to help here.
>
> You can try adding new certs to the CTL and use the old tokens but I'm not
> sure the CTL client will be okay with the expired certificates.  Usually
> the phones won't check certificate validity dates.
>
> I'd first try running the CTL Client and import all the CallManager.pem
> certificates and see if it lets you update the CTL.  If so, you should be
> able to convert to tokenless fine.
>
> On Tue, Jan 9, 2018 at 11:24 AM, Reto Gassmann <voip at mrga.ch> wrote:
>
>> Hello Group
>>
>> We run a CUCM cluster 10.5 in Mixed Mode. The IP Phones (mainly 7960 and
>> 7961) are authenticated with LCS.  A long time ago the cluster was set to
>> Mixed Mode with two Hardware tokens. The tokens (Certificates on the
>> tokens) expired last September.
>> Now we want to change to tokenless CTL. I found a Cisco Document (118893)
>> that describes the steps needed to make that change. However there are some
>> notes about Problems with TVS and Security by Default with 7960.
>>
>> Can anyone help / Any ideas???
>>
>> Thank you
>> Reto