McDewey



page: 94
source: cucm/v15/security-guide/security-guide.md
chunk_id: cucm::v15::security-guide::security-guide::85

Procedure

Step 1 From Cisco Unified CM Administration, choose System > Service Parameters.

Step 2 From the Server drop-down list, choose a node where you activated the Cisco Certificate Authority Proxy Function (Active) service.

Step 3 From the Service drop-down list, choose Cisco Certificate Authority Proxy Function (Active). Verify that the word “Active” is displayed next to the service name.

Step 4 From the Certificate Issuer to Endpoint drop-down list, choose Online CA. For CA-signed certificates, we recommend using an Online CA.

Step 5 In the Duration Of Certificate Validity (in days) field, enter a number between 1 and 1825 to represent the number of days that a certificate issued by CAPF is valid.

Step 6 In the Online CA Parameters section, set the following parameters to create the connection to the Online CA.

• Online CA Hostname—The subject name or the Common Name (CN) should be the same as the Fully Qualified Domain Name (FQDN) of the HTTPS certificate.
  Note: The hostname configured is the same as the Common Name (CN) of the HTTPS certificate hosted by Internet Information Services (IIS) running on Microsoft CA.
• Online CA Port—Enter the port number for Online CA. For example, 443.
• Online CA Template—Enter the name of the template. Microsoft CA creates the template.
  Note: This field is enabled only if the Online CA Type is Microsoft CA.
• Online CA Type—Choose Microsoft CA or EST Supported CA for automatic enrollment of endpoint certificates.
  • Microsoft CA—Use this option when the CA is Microsoft CA to allocate digital certificates to devices.
    Note: FIPS enabled mode is not supported with Microsoft CA.
  • (Supported from Release 14SU2 onwards) EST Supported CA—Use this option when the CA supports inbuilt EST server mode for automatic enrollment.
    Note: Enrollment of CAPF LSC using EST supported CA is not supported in CC mode.
• Online CA Username—Enter the username of the CA server.
• Online CA Password—Enter the password for the username of the CA server.
• Certificate Enrollment Profile Label—Enter the Digital Identity for EST Supported CA with valid characters.
  Note: This field is enabled only if the Online CA Type is EST Supported CA.

Step 7 Complete the remaining CAPF service parameters. Click the parameter name to view the service parameter help system.

Step 8 Click Save.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 76 Basic System Security Configure Online Certificate Authority Settings
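A pre-flight check of the planned Online CA values against the constraints in Steps 5 and 6, before they are typed into the Service Parameters page. This is an added example, not Cisco code: the dictionary keys, the function names, and the sample hostname and template name are hypothetical, and treating an empty template or profile label as an error is an assumption.

```python
import socket
import ssl

# Constructed sample data: a getpeercert()-style dict and planned parameter values.
SAMPLE_CERT = {"subject": ((("commonName", "ca01.example.test"),),)}
SAMPLE_PARAMS = {"hostname": "ca01.example.test", "port": 443, "ca_type": "Microsoft CA",
                 "template": "CAPF-LSC", "validity_days": 730}


def fetch_https_cert(host, port=443, cafile=None, timeout=5):
    """Fetch the verified HTTPS certificate of the CA web server (cafile: private root, if any)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def subject_cn(cert):
    """Extract the subject Common Name from a getpeercert()-style dict."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def preflight(params, cert, fips_mode=False, cc_mode=False):
    """Return a list of problems with the planned Online CA parameters (empty list = OK)."""
    problems = []
    if not 1 <= params.get("validity_days", 0) <= 1825:
        problems.append("certificate validity must be between 1 and 1825 days")
    cn, host = subject_cn(cert), params.get("hostname", "")
    if cn is None or cn.lower() != host.lower():
        problems.append(f"Online CA Hostname {host!r} does not match certificate CN {cn!r}")
    ca_type = params.get("ca_type")
    if ca_type == "Microsoft CA":
        if not params.get("template"):  # assumption: an empty template is a mistake
            problems.append("Online CA Template is empty")
        if fips_mode:
            problems.append("FIPS enabled mode is not supported with Microsoft CA")
    elif ca_type == "EST Supported CA":
        if not params.get("profile_label"):  # assumption: an empty label is a mistake
            problems.append("Certificate Enrollment Profile Label is empty")
        if cc_mode:
            problems.append("CAPF LSC enrollment using EST supported CA is not supported in CC mode")
    else:
        problems.append("Online CA Type must be Microsoft CA or EST Supported CA")
    return problems
```

Against a live CA, pass the result of `fetch_https_cert(params["hostname"], params["port"], cafile=...)` as `cert`; a TLS verification error from that call already indicates the hostname or trust chain does not line up.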