/mcpIf you are connecting the trunk to a secure device, you must upload a certificate for the secure device to Unified Communications Manager. For certificate details, see the Certificates section. Configure TLS in a Phone Security Profile Use this procedure to assign TLS connections to a Phone Security Profile. Phones that use this profile use TLS for signaling. Procedure Step 1 From Cisco Unified CM Administration, choose System > Security > Phone Security Profile. Step 2 Perform one of the following steps: • Click Add New to create a new profile. • Click Find to search and select an existing profile. Step 3 If you are creating a new profile, select a phone model and protocol, and click Next. Note If you want to use a universal device template and LDAP sync to provision security through the LDAP sync, select Universal Device Template as the Phone Security Profile Type. Step 4 Enter a name for the profile. Step 5 From the Device Security Mode drop-down list, select either Encrypted or Authenticated. Step 6 (For SIP phones only) From the Transport Type, select TLS. Step 7 Complete the remaining fields of the Phone Security Profile Configuration window. For help with the fields and their configuration, see the online help. Step 8 Click Save. Note This Note is applicable from Release 15SU2 onwards. If you set the Device Security Mode to Authenticated, the phones switch to a TLS version lower than 1.3 for registration. When the minimum supported TLS version on the Unified CM is set to 1.3, the phones with Authenticated Device Security Mode will not register. Add Secure Phone Profile to a Phone Use this procedure to assign the TLS-enabled phone security profile to a phone. To assign a secure profile to a large number of phones at once, use the Bulk Administration Tool to reassign the security profile for them. Note Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 199 Basic System Security Configure TLS in a Phone Security Profile