McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 323

↗ View in doc context
page
323
source
cucm/v15/cli-reference/cucm-15-cli-reference.md
chunk_id
cucm::v15::cli-reference::cucm-15-cli-reference::310

Consider the following information before you disable FIPS 140-2 mode: In multiple server clusters, each server must be disabled separately; FIPS mode is not disabled cluster-wide but on a per server basis. Consider the following information after you enable FIPS 140-2 mode: If you have a single server cluster and chose to apply "Prepare Cluster for Rolback to pre 8.0" enterprise parameter before enabling FIPS mode, disable this parameter after making sure that all the phones registered successfully with the server. Consider the following information before you enable or disable FIPS 140-2 mode for IM and Presence Service: After you enable or disable FIPS 140-2 mode for IM and Presence Service, the Tomcat certificate is regenerated and the node reboots. The Intercluster Sync Agent syncs the new Tomcat certificate across the cluster; this can take up to 30 minutes. Until the new Tomcat certificate is synced across the cluster, an IM and Presence Service subscriber node cannot access information from the IM and Presence Service database publisher node. For example, a user who is logged into the Cisco Unified Serviceability GUI on a subscriber node will not be able to view services on the IM and Presence Service database publisher node. Users will see the following error message until the sync is complete: Connection to server cannot be established (certificate exception) Requirements Command privilege level: 0 Allowed during upgrade: No Applies to: Unified Communications Manager, IM and Presence Service on Unified Communications Manager, and Cisco Unity Connection utils fips_common_criteria This command configures the Common Criteria mode in the system. utils fips_common_criteria {enable | disable | status} Syntax Description Description Parameters Enables the Common Criteria mode in the system enable Disables the Common Criteria mode in the system When Common Criteria mode is disabled, a prompt is displayed to set the minimum TLS version. disable Displays the status of Common Criteria mode in the system status Command Modes Administrator (admin:) Usage Guidelines Secure connections using TLS version 1.0 are not permitted after enabling the Common Criteria mode. FIPS mode will be enabled while enabling Common Criteria mode. Enabling or disabling Common Criteria mode does not require certificates to be regenerated. However, enabling or disabling FIPS does require rebooting of the system along with regeneration of certificates. Requirements Command privilege level: 1 Command Line Interface Reference Guide for Cisco Unified Communications Solutions, Release 15 and SUs 299 Utils Commands utils fips_common_criteria