Executed command unsuccessfully

If you enter a password longer than 14 characters, the following prompts appear:

Security Warning: The operation will regenerate certificates for
1)CallManager
2)Tomcat
3)IPsec
4)TVS
5)CAPF
6)SSH
7)ITLRecovery

Any third party CA signed certificates that have been uploaded for the above components will need to be re-uploaded.

If the system is operating in mixed mode, then the CTL client needs to be run again to update the CTL file.

If there are other servers in the cluster, please wait and do not change the FIPS Settings on any other node until the FIPS operation on this node is complete and the system is back up and running.

If the enterprise parameter 'TFTP File Signature Algorithm' is configured with the value 'SHA-1' which is not FIPS compliant in the current version of the Unified Communications Manager, though the signing operation will continue to succeed, it is recommended the parameter value be changed to SHA-512 in order to be fully FIPS. Configuring SHA-512 as the signing algorithm may reqiure all the phones that are provisioned in the cluster to be capable of verifying SHA-512 signed configuration file, otherwise the phone registration may fail. Please refer to the Cisco Unified Communications Manager Security Guide for more details.


This will change the system to FIPS mode and will reboot.


WARNING: Once you continue do not press Ctrl+C. Canceling this operation after it starts will leave the system in an inconsistent state; rebooting the system and running "utils fips status" will be required to recover.


Do you want to continue (yes/no)?

Step 4 Enter Yes.

The following message appears:

Generating certificates...

Setting FIPS mode in operating system.

FIPS mode enabled successfully.


It is highly recommended that after your system restarts that a system backup is performed.


The system will reboot in a few minutes.

Unified Communications Manager reboots automatically.

Note

• Certificates and SSH key are regenerated automatically, in accordance with FIPS requirements.

• If you have a single-server cluster and applied the Prepare Cluster for Rollback to pre 8.0 enterprise parameter before you enabled FIPS 140-2 mode, you must disable this enterprise parameter after making sure that all the phones registered successfully to the server.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs

Advanced System Security: Enable FIPS 140-2 Mode