McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 60

↗ View in doc context
page
60
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::48

• ACT2_SUDI_CA MIC root certificates that stay in the CAPF trust store get used for certificate upgrades. For information on updating the Unified Communications Manager trust store and managing certificates, see Administration Guide for Cisco Unified Communications Manager. CAP-RTP-001 and CAP-RTP-002 certificates are removed from Unified Communications Manager. Note In Unified Communications Manager Release 12.5.1SU2 and earlier, the Secure Onboarding feature doesn’t work if you remove the Cisco Manufacturing certificates from the CallManger-trust store, because it can’t validate the Manufacture Installed Certificates (MICs) from phones. However, this feature works from Unified Communications Manager Release 12.5.1SU3 onwards, because it uses the CAPF-trust store to validate the MICs from phones. Note Server Certificate Types Server Certificates are basically to identify a server. The server certificates serve the rationale of encrypting and decrypting the content. Self-signed (own) certificate types in Unified Communications Manager servers are as follows: Unified Communications Manager imports the following certificate types to the Unified Communications Manager trust store: Table 7: Certificate Type and Description Description Certificate Type Cisco Unity and Cisco Unity Connection use this self-signed root certificate to sign the Cisco Unity SCCP and Cisco Unity Connection SCCP device certificates. For Cisco Unity, the Cisco Unity Telephony Integration Manager (UTIM) manages this certificate. For Cisco Unity Connection, Cisco Unity Connection Administration manages this certificate. Cisco Unity server or Cisco Unity Connection certificate Cisco Unity and Cisco Unity Connection SCCP devices use this signed certificate to establish a TLS connection with Unified Communications Manager. Cisco Unity and Cisco Unity Connection SCCP device certificates A SIP user agent that connects via a SIP trunk authenticates to Unified Communications Manager if the CallManager trust store contains the SIP user agent certificate and if the SIP user agent contains the Unified Communications Manager certificate in its trust store. SIP Proxy server certificate The certificate name represents a hash of the certificate subject name, which is based on the voice-mail server name. Every device (or port) gets issued a certificate that is rooted at the root certificate. Note Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 42 Basic System Security Server Certificate Types