McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 188

↗ View in doc context
page
188
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::185

• In addition to the procedures that are described in this chapter, you must use the certificate management feature in Unified Communications Manager to save the Cisco Unity certificate to the trusted store. For more information, see the “To Add Voice Messaging Ports in Cisco Unity Connection Administration” procedure in the Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection at the following URL: http://www.cisco.com/en/US/docs/voice_ip_comm/connection/10x/integration/guide/cucm_sccp/guide/ cucintcucmskinny230.html After you copy the certificate, you must restart the CiscoCallManager service on each Unified Communications Manager server in the cluster. • If Cisco Unity certificates expire or change for any reason, use the certificate management feature in the Administration Guide for Cisco Unified Communications Manager to update the certificates in the trusted store. The TLS authentication fails when certificates do not match, and voice messaging does not work because it cannot register to Unified Communications Manager. • When configuring voice-mail server ports, you must select a device security mode. • The setting that you specify in the Cisco Unity Telephony Integration Manager (UTIM) or in Cisco Unity Connection Administration must match the voice-messaging port device security mode that is configured in Unified Communications Manager Administration. In Cisco Unity Connection Administration, you apply the device security mode to the voice-messaging port in the Voice Mail Port Configuration window (or in the Voice Mail Port Wizard). If the device security mode settings do not match, the voicemail server ports fail to register with Unified Communications Manager, and the voicemail server cannot accept calls on those ports. Tip • Changing the security profile for the port requires a reset of Unified Communications Manager devices and a restart of the voicemail server software. If you apply a security profile in Unified Communications Manager Administration that uses a different device security mode than the previous profile, you must change the setting on the voicemail server. • You cannot change the Device Security Mode for existing voice-mail servers through the VoiceMail Port Wizard. If you add ports to an existing voicemail server, the device security mode that is currently configured for the profile automatically applies to the new ports. Set Up Secure Voice-Messaging Port The following procedure provides the tasks used to configure security for voice-messaging ports. Procedure Step 1 Verify that Unified Communications Manager is in mixed mode by running the utils ctl CLI command. Step 2 Verify that you configured the phones for authentication or encryption. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 170 Basic System Security Set Up Secure Voice-Messaging Port