Step 3  Command or Action: Configure Online Certificate Authority Settings, on page 75
        Purpose: Use this procedure to generate phone LSC certificates.

Step 4  Command or Action: Configure Offline Certificate Authority Settings
        Purpose: Use this procedure to generate phone LSC certificates using an Offline CA.

Step 5  Command or Action: Activate or Restart CAPF Services
        Purpose: After you configure the CAPF system settings, activate essential CAPF services.

Step 6  Command or Action: Configure CAPF settings in Unified Communications Manager using one of the following procedures:
        • Configure CAPF Settings in a Universal Device Template, on page 78
        • Update CAPF Settings via Bulk Admin, on page 79
        • Configure CAPF Settings for a Phone, on page 80
        Purpose: Add the CAPF settings to Phone Configuration using one of the following options:
        • If you haven't synced your LDAP directory, add CAPF settings to a Universal Device Template and apply settings through the initial LDAP sync.
        • Use Bulk Administration Tool to apply CAPF settings to many phones in a single operation.
        • You can apply CAPF settings on a phone-by-phone basis.

Step 7  Command or Action: Set KeepAlive Timer, on page 81
        Purpose: Set a keepalive value for the CAPF-Endpoint connection so that it's not timed out by a firewall. The default value is 15 minutes.

Upload Root Certificate for Third-Party CAs

Upload the CA root certificate to the CAPF-trust store and the Unified Communications Manager trust store to use an external CA to sign LSC certificates.

Note  Skip this task if you don't want to use a third-party CA to sign LSCs.

Procedure

Step 1  From Cisco Unified OS Administration choose Security > Certificate Management.
Step 2  Click Upload Certificate/Certificate chain.
Step 3  From the Certificate Purpose drop-down list, choose CAPF-trust.
Step 4  Enter a Description for the certificate. For example, Certificate for External LSC-Signing CA.
Step 5  Click Browse, navigate to the file, and then click Open.
Step 6  Click Upload.
Step 7  Repeat this task, uploading certificates to callmanager-trust for the Certificate Purpose.
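
A sanity check to run on the root certificate file before the upload procedure above, as an added example that is not part of the Cisco guide. It assumes the openssl CLI on an administrator workstation and a PEM-encoded file; the function names and the throwaway sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check of a third-party CA root certificate (PEM).
# Function names are hypothetical; the sample certificate is constructed.

# check_root_cert FILE -> 0 and prints the SHA-256 fingerprint if FILE is a usable root CA.
check_root_cert() {
    cert=$1
    # The file must parse as a PEM X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || { echo "not a PEM certificate"; return 1; }
    # A root is self-issued: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
      "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] ||
        { echo "not self-issued (intermediate or leaf?)"; return 1; }
    # It must be marked as a CA, otherwise it cannot be the signer of LSCs.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "basicConstraints is not CA:TRUE"; return 1; }
    # It must not already be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
    # The self-signature must verify against the certificate's own public key.
    openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1 ||
        { echo "self-signature does not verify"; return 1; }
    # Print the fingerprint so the file can be matched against the CA's published value.
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# make_constructed_cert OUT CONSTRAINT -> throwaway self-signed cert used as sample input.
# CONSTRAINT is CA:TRUE or CA:FALSE; the private key is discarded.
make_constructed_cert() {
    dir=$(mktemp -d)
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed LSC Signing Root
[ext]
basicConstraints = critical,$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$1" 2>/dev/null
    rm -rf "$dir"
}
```

Run check_root_cert on the file once; the same file is then uploaded for both the CAPF-trust and callmanager-trust purposes.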
Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 74 Basic System Security Upload Root Certificate for Third-Party CAs