Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1423
Views
0
Helpful
2
Replies

CAPF proxy to external CA

Guo Fang Sherlock Wu
Level 1
Level 1

‎03-17-2012 07:26 AM - edited ‎03-16-2019 10:11 AM

CAPF.png

Hi my friends,

i am currently having some issue with the CAPF function on call manager 8.6. In version 4.x and 5.x (except 5.0), the CAPF can proxy the phone certification sign request to an external CA. But in the new version, I can't find this option in the CAPF service parameters. is it supported in the new versions? Can someone provide any documentation? Thanks.

Best Regards,

Guofang

Labels:
0 Helpful
2 Replies 2

Anthony Ortiz
Cisco Employee
Cisco Employee

‎03-20-2012 07:58 PM

Hello,

  Are you planning on making you cluster secure?  Cisco Unified Communications Manager does not automatically activate the Certificate Authority Proxy Function service in Cisco Unified Serviceability.  Be sure to turn that on.  Then Generate a CSR for CAPF and have a CA sign it.  The cert that is signed by the CA will be a leaf cert.  You need to upload an identity cert from the CA as the root with CAPF-trust.  Then upload any intmedary certs as CAPF-trust also.  Then upload the leaf as CAPF.  After that you need to update the CTL file.  Make sure all the phones have the LSC before switching the phones to encrypted.

Thanks,

Anthony


0 Helpful

Alexandru Zamfir
Level 1
Level 1
In response to Anthony Ortiz

‎10-27-2012 03:45 PM

I know that this is an old topic but I wonder if doing what Anthony suggested is enough to proxy phone LSC requests to the external CA? Isn't there anything else that needs to be setup? I want to use an external CA because of the option to revoke LSCs that are also used for 802.1x identity access.

Kr,

Alex.

0 Helpful
Customers Also Viewed These Support Documents