source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::35

Unified Communications Manager encodes and stores encryption keys in the database. The TFTP server encrypts and decrypts configuration files by using symmetric encryption keys:

• If the phone has PKI capabilities, Unified Communications Manager can use the phone public key to encrypt the phone configuration file.
• If the phone does not have PKI capabilities, you must configure a unique symmetric key in Unified Communications Manager and in the phone.

You enable encrypted configuration file settings in the Phone Security Profile window in Unified Communications Manager Administration, which you then apply to a phone in the Phone Configuration window.

Default Security Administration Tasks

The following are the default security administration tasks:

Procedure

| Step | Command or Action | Purpose |
|---|---|---|
| Step 1 | Update ITL File for Cisco Unified IP Phones | Validates TFTP configuration files. |
| Step 2 | Obtain ITL File Status | Obtain an ITL file status of the phones. |
| Step 3 | Get Endpoint Support for Security by Default | Obtain the Cisco Unified IP Phone Support List using Cisco Unified Reporting page. |
| Step 4 | Roll Back Cluster to a Pre-8.0 Release | Prepare the cluster for rollback. |
| Step 5 | Perform Bulk Reset of ITL File | Perform the bulk reset of ITL file. |
| Step 6 | Reset CTL Localkey | Perform a reset of the Cisco Trust List (CTL) file with the CLI command |
| Step 7 | View the Validity Period of ITLRecovery Certificate | View the validity period of ITLRecovery Certificate. |
| Step 8 | Set Up Authentication and Encryption | Implement authentication and encryption for a new install. |

Update ITL File for Cisco Unified IP Phones

A centralized TFTP with Unified Communications Manager using Security By Default with ITL files installed on the phones does not validate TFTP configuration files. Perform the following procedure before any phones from the remote clusters are added to the centralized TFTP deployment.
Procedure

Step 1 On the Central TFTP server, enable the Enterprise Parameter Prepare cluster for pre CM-8.0 rollback.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs, An Introduction to Unified CM Security