06-17-2013 09:29 PM - edited 03-16-2019 05:55 PM
Hi All UC experts,
I want to change the hostname of my CUCM 9.1(1), but this is running lots of services already.
According the Cisco guide, the steps are very straightforward: http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/install/9_1_1/ipchange/ipchg911.html#wp42511
It is a well-known fact that The CUCM changed the hostname, then the Cert. would change together.
Changing the hostname triggers an automatic, self-signed Certificate Regeneration. After the server reboots automatically, secure connections to this server fail until the CTL client runs anew and the CTL file updates.
Any methods can suggest to take the no change as below?
1. Internal IP Phone: Re-generate the ITL files
2. VPN IP Phone: Re-generate the “Manufacturing” Cert. and “CAPF” Cert. to ASA firewall, so It maybe need to bring all distributed IP-Phones to corporate network.
Can the ITL files update automatically?
Will the VPN IP Phone need retrieve back to corporate network? Need register the VPN Phone at corporate to update?
06-18-2013 02:00 AM
Hi,
Great question, have you reviewed Jason Burns document on how security by default works:
If you follow the flowchart in Jason's document you should be able to leverage the TVS service to allow the phone to update it's CTL/ITL file(s) on the basis the TVS service is trusted by the phone, and that same service has visibility of the new CTL file (may require the TVS service to restart)
As I'm sure you are aware you need to get this procedure 100% nailed or you may end up having to delete ITL/CTL files, if you are not already aware of a product called PhoneView from UnifiedFX I strongly recommend you have a look as it has two key capabilites relevant to your project:
You can download PhoneView for FREE to use on up to 50 phones, if you want to test with more phones you can request a trial from here:
http://www.unifiedfx.com/phoneview/trial
Also,
I recommend you read Akhil Behl's book to get a full picture on Cisco's PKI implimentation:
"Securing Cisco IP Telephony Networks"
http://www.amazon.com/dp/1587142953
Thanks
Stephen Welsh
CTO
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide