McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 130

↗ View in doc context
page
130
source
cucm/v15/feature-config-guide/feature-config-guide.md
chunk_id
cucm::v15::feature-config-guide::feature-config-guide::85

This location changes based on the Unified Communications Manager version. b) Find the Cisco_Manufacturing_CA and CAPF certificates. Download the.pem file and save as.txt file. c) Create trustpoint on the Cisco IOS software. hostname(config)# crypto pki trustpoint trustpoint_name hostname(config-ca-trustpoint)# enrollment terminal hostname(config)# crypto pki authenticate trustpoint When prompted for the base 64-encoded CA certificate, copy and paste the text in the downloaded .pem file along with the BEGIN and END lines. Repeat the procedure for the other certificates. d) Generate the following Cisco IOS self-signed certificates and register them with Unified Communications Manager, or replace with a certificate that you import from a CA. • Generate a self-signed certificate. Router> enable Router# configure terminal Router(config)# crypto key generate rsa general-keys label <name> <exportable -optional>Router(config)# crypto pki trustpoint <name> Router(ca-trustpoint)# enrollment selfsigned Router(ca-trustpoint)# rsakeypair <name> 2048 2048 Router(ca-trustpoint)#authorization username subjectname commonname Router(ca-trustpoint)# crypto pki enroll <name> Router(ca-trustpoint)# end • Generate a self-signed certificate with Host-id check enabled on the VPN profile in Unified Communications Manager. Example: Router> enable Router# configure terminal Router(config)# crypto key generate rsa general-keys label <name> <exportable -optional>Router(config)# crypto pki trustpoint <name> Router(ca-trustpoint)# enrollment selfsigned Router(config-ca-trustpoint)# fqdn <full domain name>Router(config-ca-trustpoint)# subject-name CN=<full domain name>, CN=<IP>Router(ca-trustpoint)#authorization username subjectname commonname Router(ca-trustpoint)# crypto pki enroll <name> Router(ca-trustpoint)# end • Register the generated certificate with Unified Communications Manager. Example: Router(config)# crypto pki export <name> pem terminal Copy the text from the terminal and save it as a.pem file and upload it to the Unified Communications Manager using the Cisco Unified OS Administration. Step 4 Install AnyConnect on Cisco IOS. Download the Anyconnect package from cisco.com and install to flash. Example: router(config)#webvpn install svc flash:/webvpn/anyconnect-win-2.3.2016-k9.pkg Step 5 Configure the VPN feature. Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 88 Remote Network Access Configure Cisco IOS SSL VPN to Support IP Phones