McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 839

↗ View in doc context
page
839
source
cucm/v15/feature-config-guide/feature-config-guide.md
chunk_id
cucm::v15::feature-config-guide::feature-config-guide::789

• Ensure that the client firmware supports SIP OAuth. • The phones must trust both the Tomcat and Tomcat-EC certificates for SIP OAuth to work. • You can generate and download the self-signed Tomcat and Tomcat-EC certificates, or CA signed root certificate, and then upload this certificate as the Phone-Edge-Trust certificates on the Unified Communications Manager system. The IP Phones can accept a maximum of 16 Phone-Edge-Trust certificates. After uploading, the CA signed root certificates are placed into the caconfig.json file. For verification, you can access the URL at: http://<cucm>:6970/caconfig.json.sgn. Your deployment must have the following: Unified CM version 14 and above, Cisco IP Phones with SIP Firmware Release 14.0 and above, and Cisco Expressway X12.7 and above (in case of MRA deployments). SIP OAuth Mode Configuration Task Flow Complete the following tasks to configure SIP OAuth for your system. Procedure Purpose Command or Action Upload CA Certificate to the phone edge trust to get the tokens. This step is not applicable for Cisco Jabber device. Upload CA Certificate to the Phone Edge Trust Step 1 Enable OAuth Access Token for Devices Step 2 Important This step is applicable from Release 14 onwards. Enable OAuth for SIP registrations in Cisco IP Phone 7800 and 8800 enterprise series. This step is not applicable for Cisco Jabber device. Enable oauth with refresh login flow on Unified Communications Manager to register the device via SIP OAuth. Configure Refresh Logins, on page 799 Step 3 Assign the ports for OAuth for each node that has OAuth registration. Configure OAuth Ports, on page 799 Step 4 Configure a mutually authenticated TLS connection to Expressway-C. Configure OAuth Connection to Expressway-C, on page 800 Step 5 Enable OAuth services using a CLI command on the publisher node. Enable SIP OAuth Mode, on page 801 Step 6 Restart this service on all nodes that have OAuth registrations. Restart Cisco CallManager Service, on page 801 Step 7 Configure OAuth support within a Phone Security Profile if you are deploying encryption for the endpoints. Configure Device Security Mode in Phone Security Profile Step 8 Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 797 Advanced Call Processing SIP OAuth Mode Configuration Task Flow