McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 155

↗ View in doc context
page
155
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::151

Procedure Step 1 Upload the certificate for each phone using the OS Administration Certificate Management interface. Step 2 In the Cisco Unified Administration, choose System > Security > Phone Security Profile. Step 3 Configure a new Phone Security Profile for the device type of this phone and in the Device Security Mode drop-down list, choose Encrypted or Authenticated. Step 4 To configure the new SIP phone in the CCMAdmin interface, choose Device > Phone > Add New. Step 5 Select Phone type. Step 6 Fill in the required fields. Step 7 In the Device Security Profile drop-down list, select the profile you just created. Set Up Preferred Vendor SIP Phone Security Profile Shared Certificates To configure the preferred vendor SIP phone security profile with shared certificates, perform the following procedure: Procedure Step 1 Using instructions from the phone vendor, generate a certificate with a Subject Alternate Name (SAN) string. The SAN must be of type DNS. Make a note of the SAN specified in this step. For example, X509v3 extensions: • X509v3 Subject Alternative Name • DNS:AscomGroup01.acme.com Note The SAN must be of type DNS or security will not be enabled. Step 2 Upload the shared certificate using the OS Administration Certificate Management interface. Step 3 In the Cisco Unified Administration, choose System > Security > Phone Security Profile. Step 4 In the Name field, enter the name of the Subject Alt Name (SAN), which is the name on the certificate provided by the preferred vendor, or if there is no SAN enter the Certificate Name. Note The name of the security profile must match the SAN in the certificate exactly or security will not be enabled. Step 5 In the Device Security Mode drop-down list, choose Encrypted or Authenticated. Step 6 In the Transport type drop-down list, choose TLS. Step 7 To configure the new SIP phone in the CCMAdmin interface, choose Device > Phone > Add New. Step 8 Select Phone type. Step 9 Fill in the required fields Step 10 In the Device Security Profile drop-down list, select the profile you just created. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 137 Basic System Security Set Up Preferred Vendor SIP Phone Security Profile Shared Certificates