McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 289

↗ View in doc context
page
289
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::290

The JTAPI client stores the LSC in Java Key Store format in the path that you configure in the JTAPI Preferences window. The TSP client stores the LSC in an encrypted format in the default directory or in the path that you configure. Tip The following information applies when a communication or power failure occurs. • If a communication failure occurs while the certificate installation is taking place, the JTAPI client attempts to obtain the certificate three more times in 30-second intervals. You cannot configure this value. For the TSP client, you can configure the retry attempts and the retry timer. Configure these values by specifying the number of times that the TSP client tries to obtain the certificate in an allotted time. For both values, the default equals 0. You can configure up to 3 retry attempts by specifying 1 (for one retry), 2, or 3. You can configure no more than 30 seconds for each retry attempt. • If a power failure occurs while the JTAPI/TSP client attempts a session with CAPF, the client attempts to download the certificate after power gets restored. CAPF System Interactions and Requirements for CTI, JTAPI, and TAPI Applications The following requirements exist for CAPF: • Before you configure the Application User and End User CAPF Profiles, verify that the Cluster Security Mode in the Enterprise Parameters Configuration window is 1 (mixed mode). • To use CAPF, you must activate the Cisco Certificate Authority Proxy Function service on the publisher node. • Generating many certificates at the same time may cause call-processing interruptions and we recommend that you use CAPF during a scheduled maintenance window. • Ensure that the publisher node is functional and running during the entire certificate operation. • Ensure that the CTI/ JTAPI/TAPI application is functional during the entire certificate operation. Certificate Authority Proxy Function Service Activation Unified Communications Managerdoes not automatically activate the Certificate Authority Proxy Function service in Cisco Unified Serviceability. To use the CAPF functionality, you must activate this service on the first node. You must update the CTL file if you did not activate this service before moving Unified Communications Manager to mixed mode. After you activate the Cisco Certificate Authority Proxy Function service, CAPF automatically generates a key pair and certificate that is specific to CAPF. The CAPF certificate is then displayed on the Cisco Unified Communications Operating System GUI as a verification that the CAPF certificate exists. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 271 Advanced System Security CAPF System Interactions and Requirements for CTI, JTAPI, and TAPI Applications