/mcpASA Certificate Configuration For more information on ASA certificate configuration, see Configure AnyConnect VPN Phone with Certificate Authentication on an ASA Upload VPN Concentrator Certificates Generate a certificate on the ASA when you set it up to support the VPN feature. Download the generated certificate to your PC or workstation and then upload it to Unified Communications Manager using the procedure in this section. Unified Communications Manager saves the certificate in the Phone-VPN-trust list. The ASA sends this certificate during the SSL handshake, and the Cisco Unified IP Phone compares it against the values stored in the Phone-VPN-trust list. If a Locally Significant Certificate (LSC) is installed on the Cisco Unified IP Phone, it will send its LSC by default. To use device level certificate authentication, install the root MIC or CAPF certificate in the ASA, so that the Cisco Unified IP Phone are trusted. To upload certificates to Unified Communications Manager, use the Cisco Unified OS Administration. Procedure Step 1 From Cisco Unified OS Administration, choose Security > Certificate Management. Step 2 Click Upload Certificate. Step 3 From the Certificate Purpose drop-down list, choose Phone-VPN-trust. Step 4 Click Browse to choose the file that you want to upload. Step 5 Click Upload File. Step 6 Choose another file to upload or click Close. For more information, see Certificate Management chapter. Configure VPN Gateway Ensure that you have configured VPN concentrators for each VPN gateway. After configuring the VPN concentrators, upload the VPN concentrator certificates. For more information, see Upload VPN Concentrator Certificates, on page 92. Use this procedure to configure the VPN Gateway. Procedure Step 1 From Cisco Unified CM Administration, choose Advanced Features > VPN > VPN Gateway. Step 2 Perform one of the following tasks: Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 92 Remote Network Access Upload VPN Concentrator Certificates