Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1384
Views
0
Helpful
1
Replies

Changing the CUCM 9.1(1) hostname defined by an IP Address

Chi Fai Leung
Level 1
Level 1

‎06-17-2013 09:29 PM - edited ‎03-16-2019 05:55 PM

Hi All UC experts,

I want to change the hostname of my CUCM 9.1(1), but this is running lots of services already.

According the Cisco guide, the steps are very straightforward: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/install/9_1_1/ipchange/ipchg911.html#wp42511

It is a well-known fact that The CUCM changed the hostname, then the Cert. would change together.

Changing the hostname triggers an automatic, self-signed Certificate Regeneration. After the server reboots automatically, secure connections to this server fail until the CTL client runs anew and the CTL file updates.

Any methods can suggest to take the no change as below?

1. Internal IP Phone: Re-generate the ITL files

2. VPN IP Phone: Re-generate the “Manufacturing” Cert. and “CAPF” Cert. to ASA firewall, so It maybe need to bring all distributed IP-Phones to corporate network.

Can the ITL files update automatically?

Will the VPN IP Phone need retrieve back to corporate network? Need register the VPN Phone at corporate to update?

Labels:
0 Helpful
1 Reply 1

Stephen Welsh
Level 4
Level 4

‎06-18-2013 02:00 AM

Hi,

Great question, have you reviewed Jason Burns document on how security by default works:

If you follow the flowchart in Jason's document you should be able to leverage the TVS service to allow the phone to update it's CTL/ITL file(s) on the basis the TVS service is trusted by the phone, and that same service has visibility of the new CTL file (may require the TVS service to restart)

As I'm sure you are aware you need to get this procedure 100% nailed or you may end up having to delete ITL/CTL files, if you are not already aware of a product called PhoneView from UnifiedFX I strongly recommend you have a look as it has two key capabilites relevant to your project:

  • Detect which phones have bad ITL Files
  • Bulk delete ITL/CTL Files

You can download PhoneView for FREE to use on up to 50 phones, if you want to test with more phones you can request a trial from here:

http://www.unifiedfx.com/phoneview/trial

Also,

I recommend you read Akhil Behl's book to get a full picture on Cisco's PKI implimentation:

"Securing Cisco IP Telephony Networks"

http://www.amazon.com/dp/1587142953

Thanks

Stephen Welsh

CTO

http://www.unifiedfx.com

0 Helpful
Customers Also Viewed These Support Documents