McDewey

To disable encryption for the phone configuration files, you must uncheck the TFTP Encrypted Config check box in the phone security profile in Cisco Unified Communications Manager Administration and then save your change. Configure SHA-512 Signing Algorithm SHA-1 is the default algorithm for TFTP file signing. You can use the below optional procedure to upgrade the system to use the stronger SHA-512 algorithm for TFTP configuration files such as digital signatures. Make sure that your phones support SHA-512. If not, the phones don't work after you update your system. Note Procedure Step 1 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 2 Go to the Security Parameters pane. Step 3 From the TFTP File Signature Algorithm drop-down list, choose SHA-512. Step 4 Click Save. Restart the affected services listed in the pop-up window to complete the procedure. Verify LSC or MIC Certificate Installation For phones that use public keys, verify the certificate installation. This procedure applies to Cisco Unified IP Phones that uses PKI encryption. To determine, if your phone supports PKI encryption, see Phone Models Supporting Encrypted Configuration File section. Note The following procedure assumes that the phone exists in Unified Communications Manager database and you have enabled the TFTP Encrypted Config parameter in Unified Communications Manager. Procedure Step 1 Verify that a Manufacture-Installed Certificate (MIC) or a Locally Significant Certificate (LSC) exists in the phone. Step 2 From Cisco Unified CM Administration, choose Device > Phone. The lists of phones appear. Step 3 Click the Device Name. The Phone Configuration page appears. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 108 Basic System Security Configure SHA-512 Signing Algorithm