12-04-2017 12:10 AM - edited 03-17-2019 11:43 AM
Hi guys,
I've read in several docs that default root certs (CAP-RTP-001, CAP-RTP-002, Cisco_Manufacturing_CA and Cisco_Root_CA_2048) should be deleted from the trust store in CUCM so that only LSC certs will be used (trusted) to initiate a TLS connection with CUCM.
Deleting these root certs will no allow the phone to initiate TLS connection using it's MIC certificate.
In other words, CUCM will not trust MIC certs anymore.
What bothers me is that we actually use an existing cert (MIC) to install LSC certs on the phone for the first time.
Won't deleting the root certs that allow us to trust MIC brake this operation??
Solved! Go to Solution.
12-06-2017 06:21 PM
12-06-2017 06:21 PM
12-12-2017 02:13 AM
Great answer Jonathan,
Thanks a lot!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: