McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 52

↗ View in doc context
page
52
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::40

Reset CTL Localkey When devices on a Unified Communications Manager cluster are locked and lose their trusted status, perform a reset of the Cisco Trust List (CTL) file with the CLI command utils ctl reset localkey. This command generates a new CTL file. Procedure Step 1 Run utils ctl reset localkey Note For utils ctl reset localkey, the local key resides on the publisher. When issuing this command, the CTL file is temporarily signed by the CallManager key. Step 2 Run show ctl to verify that the reset was successful. Step 3 From Cisco Unified CM Administration, choose System > Enterprise Parameters. The Enterprise Parameters Configuration page appears. Step 4 Click Reset. The devices restart. They are ready to download the CTL file that is signed by the CallManager key and accept configuration files. Step 5 Run the utils ctl update CTLFile and restart the necessary services rolling back the changes in Step 1. The devices restart. They are ready to download the CTL file that is signed by the ITLRecovery key and accept configuration files. The devices download the CTL file that is signed using the required keys and register correctly to Unified Communications Manager again. View the Validity Period of ITLRecovery Certificate The ITLRecovery certificate has a long validity period with phones. You can navigate to the Certificate File Data pane to view the validity period or any other ITLRecovery certificate details. Procedure Step 1 From Cisco Unified OS Administration, choose Security > Certificate Management. Step 2 Enter the required search parameters to find the certificate and view its configuration details. The list of certificates that match the criteria appears in the Certificate List page. Step 3 Click the ITLRecovery link to view the validity period. The ITLRecovery certificate details appear in the Certificate File Data pane. The validity period is 20 years from the current year. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 34 An Introduction to Unified CM Security Reset CTL Localkey