It is not possible to upload your own certificates to an IP Phone, the process is slightly less straight forward than just generating your own certs and putting them on the phones.<br><br>The LSCs are signed by the CAPF certificate. The CAPF certificate is a self signed certificate by default. You can generate a CSR for the CAPF certificate and then have your CAPF certificate signed by an external CA.<br>
<br>In this instance the CTL file would be updated to contain the newly added externally signed CAPF certificate. Your LSCs would be in turn signed by this CAPF certificate.<br><br>The CTL file has a limit of 32KB, so it's important to note that you may want to limit the number of externally signed certificates that you put into the CTL file. This limitation is removed in CUCM 8.X with the introduction of TVS, or external certificate verification.<br>
<br>The LSCs are still generated on CUCM by the CAPF service.<br><br>Hopefully this information answers your question.<br><br>-Jason<br><br><div class="gmail_quote">On Tue, Feb 23, 2010 at 11:42 PM, Rhodium <span dir="ltr"><<a href="mailto:rhodium_uk@yahoo.co.uk">rhodium_uk@yahoo.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">This is the specific section:<br>
<br>
<a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223" target="_blank">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch6.html#wp1046223</a><br>
<br>
J<br>
<br>
--- On Wed, 2/24/10, cisco.voip <<a href="mailto:cisco.voip@verizon.net">cisco.voip@verizon.net</a>> wrote:<br>
<br>
> From: cisco.voip <<a href="mailto:cisco.voip@verizon.net">cisco.voip@verizon.net</a>><br>
> Subject: [cisco-voip] CUCM 712a certificate<br>
> To: <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> Date: Wednesday, February 24, 2010, 4:29 AM<br>
<div><div></div><div class="h5">> Hello,<br>
> I have read CUCM sec guide, however, I do not see how to<br>
> get my own certificates on the phones.<br>
> Not self generated by the CCM? Does anyone<br>
> have a link on or know how to do this?<br>
><br>
> Tx<br>
><br>
> _______________________________________________<br>
> cisco-voip mailing list<br>
> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</div></div></blockquote></div><br>