McDewey

C H A P T E R 3 Configurations • Security Configurations, on page 9 Security Configurations This chapter provides end to end security solutions and references to various security task flows and their brief descriptions. Table 4: Security Configurations Description Procedure Steps Configure and exchange certificates for your system. Generate Certificates Step 1 Configure the system to monitor certificate expiry and to revoke certificates automatically through the Online Certificate Status Protocol (OCSP). Configure Certificate Monitoring and Revocation Step 2 When mixed mode is enabled, your system uses the Certificate Trust List (CTL) file for security if you're deploying Cisco Unified IP Phone, TelePresence Endpoints, or Jabber without OAuth. Enable Mixed Mode Step 3 Configure CAPF to generate LSC certificates for phones. Configure Certificate Authority Proxy Function (CAPF) Step 4 Configure encrypted TFTP so that the initial phone configuration file sent to the phone is encrypted. Configure Encrypted TFTP Step 5 Configure Phone Security profiles to include items like TFTP encryption and TLS signaling for your phones. Configure Phone Security Step 6 Configure optional product-specific configurations to harden the connection to the phone. Configure Phone Hardening Step 7 Configure secure trunks to enable TLS and digest authentication on trunks. Configure Secure Trunks Step 8 Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 9