McDewey

Upload Certificate Authority (CA) Root Certificate Ensure that the intermediate or root CA certificate doesn't contain the 'CAPF−' substring in the Common Name. The 'CAPF−' common name is reserved for CAPF certificates. Note Procedure Step 1 From Cisco Unified OS Administration, choose Security > Certificate Management. Step 2 Click Upload Certificate/Certificate chain. Step 3 From the Certificate Purpose drop-down list, choose callmanager-trust. Step 4 Enter a Description for the certificate. For example, Certificate for External LSC-Signing CA. Step 5 Click Browse, navigate to the file, and then click Open. Step 6 Click Upload. Important This Note is applicable from Release 14 SU2 onwards. Note For any root or intermediate CA certificates, it should include the following default X509 extensions: X509v3 Basic Constraints: CA:TRUE, pathlen:0 X509v3 Key Usage: Digital Signature, Certificate Sign In the certificates if these extensions are missing, there will be TLS connection failure. Important This Note is applicable from Release 14 SU3 onwards and only for IPSec certificates. Note For any CA-signed IPSec certificates, it should not include the following extensions: X509v3 Basic Constraints: CA:TRUE Configure Online Certificate Authority Settings Use this procedure in Unified Communications Manager to generate phone LSCs using Online CAPF. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 75 Basic System Security Upload Certificate Authority (CA) Root Certificate