Looking for someone that has done already for some guidance. I know that you have you have to generate CSR for
2)CallManager or call-manager-trust
Am I missing something else?
Submit request to a CA like Verisign and then upload it to the Pub, restart tomcat and CAPF
Its a bit confusing especially sending the request to a CA because if I look at Verisign(Symantec), not sure what platform to select
OK, so, do you want to use encryption for calls??? If so, yes, you're missing a lot of what you need.
If all you want is to avoid getting an error when logging into CUCM webpages, then yes, you need to change the certs.
Thanks for the reply. No, I need the calls and signalling to be encrypted.
What Im confused to begin with is downloading the CSR and submitting the request. In the OS admin of my 10.5 CUCM. I downloaded callmanager and tomcat and submitted it to verisign. My questions for that are:
1) Is that the correct CSR?
2)What else do I need to download for submission
Then in Verisgn, there is a question there about platform and I am not sure what to choose so I choose Intel.
Now, what I know is whatever file(s), I get back from Verisign, i need to upload it to the CUCM, reboot it and enable mixed mode, correct
then, from that point , configure the phone for LSC? By the way, after encryption iscompleted. CUCM will now use TLS for signaling and SRTP for media, correct?
thanks in advance
1- yes , you are completely true . But why are you going to purchase a certificate from verisign , this is will take aroung from 500 to 1000 $? , the web GUI for CUCM is only open from administrator , or some few people who has control for CUCM. You can go for two ways , self signed , and this can be by download CSR and save to our PC , then upload it to your web browser or 2nd way to use microsoft CA , kindly find the below link:-
please rate all useful information
Thanks for the reply. Dont worry about the buying of certs as company is paying for it. :)
Second, is we want calls to be encrypted and not just web GUI
Thanks for all your replies Kamal but I am not just trying to get rid of that http error in the web gui. I am trying to enable full on encryption in the cucm. meaning, phones will have encryption, signaling is encrypted, media is encrypted as well
You need two of the security tokens (KEY-CCM-ADMIN-K9).
Follow this blog
When you are encrypting your phones, signalling, etc you need to have CUCM be in a secure or mixed mode state. In 10 version, those USB keys are not required since Cisco allows you to have tokenless CTL.
Once in secure mode, you have to apply a secure phone profile to the phones.
Here's 10.0 doc on phone security: