source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::50

Support for Certificates from External CAs

Unified Communications Manager supports integration with third-party certificate authorities (CAs) by using a PKCS#10 certificate signing request (CSR) mechanism, which is accessible from the Unified Communications Manager GUI. Customers who currently use third-party CAs should use the CSR mechanism to issue certificates for:

• Unified Communications Manager
• CAPF
• IPSec
• Tomcat
• TVS

A multiserver (SAN) CA-signed certificate applies only to the nodes that are in the cluster when the certificate is uploaded to the Publisher. Generate a new multiserver certificate and upload it to the cluster every time you add a new node or rebuild a node.

Note: If you run your system in mixed mode, some endpoints may not accept CA certificates with a key size of 4096 or longer. To use CA certificates in mixed mode, choose one of the following options:

• Use certificates with a certificate key size less than 4096.
• Use self-signed certificates.

Cisco's CTL client is no longer supported from Release 14. We recommend that you use the CLI command to switch the Unified Communications Manager server to Mixed Mode instead of the Cisco CTL Plugin.

Note: Restart the appropriate services for the update after running the CTL client. For example:

• Restart TFTP services and Unified Communications Manager services when you update the Unified Communications Manager certificate.
• Restart CAPF when you update the CAPF certificate.

After uploading the Unified Communications Manager or CAPF certificates, you might observe the phones reset automatically to update their ITL file.

For information on generating Certificate Signing Requests (CSRs) at the platform, see Administration Guide for Cisco Unified Communications Manager.

Certificate Signing Request Key Usage Extensions

The following tables display key usage extensions for Certificate Signing Requests (CSRs) for both Unified Communications Manager and the IM and Presence Service CA certificates.
Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 44 Basic System Security Support for Certificates from External CAs