Cisco Community
English
Register
ANNOUNCEMENT - Upcoming Changes in the email address of Community email notifications - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

919
Views
5
Helpful
2
Replies
Highlighted
Pasha Teplitsky
Beginner
Beginner
‎12-04-2017 12:10 AM
‎12-04-2017 12:10 AM

CUCM Security- MIC certificates

Hi guys,

I've read in several docs that default root certs (CAP-RTP-001, CAP-RTP-002, Cisco_Manufacturing_CA and Cisco_Root_CA_2048) should be deleted from the trust store in CUCM so that only LSC certs will be used (trusted) to initiate a TLS connection with CUCM.

Deleting these root certs will no allow the phone to initiate TLS connection using it's MIC certificate. 

In other words, CUCM will not trust MIC certs anymore.

What bothers me is that we actually use an existing cert (MIC) to install LSC certs on the phone for the first time.

Won't deleting the root certs that allow us to trust MIC brake this operation??

0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Jonathan Schulenberg
VIP Mentor VIP Mentor
VIP Mentor
‎12-06-2017 06:21 PM
‎12-06-2017 06:21 PM

Re: CUCM Security- MIC certificates

Not if you’re careful which trust store you delete them from. You want to delete them from the CallManager-Trust but NOT the CAPF-Trust. The former is which client certifies to allow for phone registration and while the later defines which client certificates to permit for CAPF enrollment.

View solution in original post

Reply
2 REPLIES 2
Highlighted
Jonathan Schulenberg
VIP Mentor VIP Mentor
VIP Mentor
‎12-06-2017 06:21 PM
‎12-06-2017 06:21 PM

Re: CUCM Security- MIC certificates

Not if you’re careful which trust store you delete them from. You want to delete them from the CallManager-Trust but NOT the CAPF-Trust. The former is which client certifies to allow for phone registration and while the later defines which client certificates to permit for CAPF enrollment.

View solution in original post

Reply
Highlighted
Pasha Teplitsky
Beginner
Beginner
‎12-12-2017 02:13 AM
‎12-12-2017 02:13 AM

Re: CUCM Security- MIC certificates

Great answer Jonathan,

Thanks a lot!

0 Helpful
Reply
Latest Contents
VG310 RJ21 cable and patch panel
Created by Yangjp715 on 07-14-2020 05:40 PM
2
0
2
0
Hi all, I am planning to purchase a VG310, RJ21 cable and the patch panel, is there anyone who can confirm the following specifics. Cat5 25 Pair or is this Cat3 25 Pair:Do i need FT4 or FT6:Male or Female Connector on the Amphenol end: Than... view more
ISR2901 VG using VIC2-2BRI-NT/TE
Created by James Liao on 07-12-2020 11:11 PM
3
0
3
0
This VG is connected with CUCM via MGCP. On the CM, GW has been registered.I don't think I can get the inbound correctly. Any suggestion with below configure: interface BRI0/1/0no ip addressisdn switch-type nttisdn point-to-point-setupisdn incom... view more
Deleting my free and paid account
Created by Janet.dvcas on 07-08-2020 12:17 AM
0
0
0
0
Hi,  My name is JanetMy portal ID is https://nwswdvcas-taw.my.webex.com/meet/janet.dvcasI do want you please to delete both my accounts with Webex (free and Paid)So my organisation can join me on another Webex Account as another Host. I did foll... view more
voice call
Created by bhuiyanISP on 07-04-2020 09:09 AM
0
0
0
0
Online Classes: Planning, Deploying and Managing Control Hub...
Created by kathyMill345 on 06-29-2020 06:00 AM
0
0
0
0
Our beginner online classes are designed to help IT Admins plan, deploy, and manage their Webex Control Hub environment. Start off by learning what critical elements are needed to deploy Control Hub or move into Webex features that can be used to better ... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community May 2020 Spotlight Award Winners

Cisco COVID-19 Survey

Follow our Social Media Channels