McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 156

↗ View in doc context
page
156
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::152

Migrate Phones from One Cluster to Another Cluster Use the following procedure to migrate phones from one cluster to another. For example, from cluster 1 to cluster 2. Procedure Step 1 On cluster 2, from Cisco Unified OS Administration, choose Security > Certificate Management. Step 2 Click Find. Step 3 From the list of Certificates, click the ITLRecovery certificate and click either Download .PEM File or Download .DER File to download the certificate in one of the file formats to your computer. The details of certificate appear. Step 4 From the list of Certificates, click the CallManager certificate and click either Download .PEM File or Download .DER File to download the certificate in one of the file formats to your computer. The details of certificate appear. Step 5 On cluster 1, from Cisco Unified OS Administration, choose Security > Certificate Management. The Certificate List window appears. Step 6 Click Upload Certificate Chain to upload the downloaded certificate. Step 7 From the Certificate Purpose drop-down list, choose Phone-SAST-trust. Step 8 For the Upload File field, click Choose File, browse to the ITLRecovery file that you downloaded in Step 3, and then click Upload File. The uploaded ITLRecovery file appears for the Phone-SAST-Trust certificate on Certificate List window of cluster

  1. If the new ITL file has a ITLRecovery certificate for cluster 2, run the command show itl. Step 9 If the phones in cluster 1 have Locally Significant Certificates (LSC), then the CAPF certificate from cluster 1 has to be uploaded in the CAPF-trust store of cluster 2. Step 10 (Optional) This step is applicable only if the cluster is in mixed mode. Run the utils ctl update CTLFile command on the CLI to regenerate the CTL file on cluster 1. Note • Run the show ctl CLI command to ensure that the ITLRecovery certificate and CallManager certificate of cluster 2 are included in the CTL file with the role as SAST. • Ensure that the phones have received the new CTL and ITL files. The updated CTL file has the ITLRecovery certificate of cluster 2. The phones that you want to migrate from cluster 1 to cluster 2 will now accept the ITLRecovery certificate of cluster

Step 11 Migrate the phone from one cluster to another. Phone Security Interactions and Restrictions This section provides the interaction and restriction on Phone Security. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 138 Basic System Security Migrate Phones from One Cluster to Another Cluster