Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
1
Replies

IP Phones using Certificate based Authentication

PaulPonzeka
Level 1
Level 1

‎04-02-2020 08:16 AM

We are using Cisco Call Manager 11.5 and have recently configured IP Phones to connect to the ASA VPN using certificate based authentication.  We configurd CAPF, took the CA from CAPF and imported it on the ASA.  We can connect remotely using certificate based authentication with no issue.  My question comes around a couple of things:

 

1.  What is the lifetime of that certificate on the phone?  Do they get renewed periodically over the VPN?

2.  How would i disable a users phone from connecting to the VPN.  Say John Smith is using certificate based authentication, I can delete his phone from call manager and he wont be able to register anymore, but he would still be able to connect to VPN.  Is there anyway to prevent that? 

0 Helpful
1 Reply 1

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

‎04-02-2020 10:45 PM

The life time of any certificate is based on it's expiry date. Each root, intermediary and client certificate have expiry dates. The certs remain valid until that time. 

Uses connecting via phone vpn are completely separate from users login to vpn on their desktops. Deleting a phone won't stop a user using the enterpise VPN

Please rate all useful posts
0 Helpful
Customers Also Viewed These Support Documents