cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

268
Views
0
Helpful
3
Replies
Highlighted
Engager

Signing ITL File

There is a CLI command to (re)sign the ITL file with CallManager certificate, but, unlike the CTL file, there's no command to sign the ITL file with the ITLRecovery certificate.

 

By some magic of restarting TVS & TFTP processes, I managed to get the ITL file signed by the ITLRecovery certificate, but that was luck rather than skill.

 

Is there a known process for signing the ITL file with the ITLRecovery certificate?

Please rate all helpful posts.
Everyone's tags (2)
3 REPLIES 3
Highlighted
VIP Advisor

Re: Signing ITL File

You can use this command to sign the ITL cert with ITLRecovery instead of
callmanager.pem.

utils itl reset localkey

The you can verify using the command 'show itl' that will give

SUBJECTNAME 66 CN=*ITLRECOVERY_test10pub.joemar2.lab*
;OU=tac;O=cisco;L=rtp;ST=nc;C=U



**** please remember to rate useful posts
Highlighted
Engager

Re: Signing ITL File

According to the docs, that command signs the ITL with the CallManager certificate...

Please rate all helpful posts.
Highlighted
Cisco Employee

Re: Signing ITL File

This is where that information came from. In case you want to learn more.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/117598-technote-itl-00.html

In newer CUCM versions the ITL file is signed by the ITLRecovery by default.

CreatePlease to create content
Content for Community-Ad
Future of Work Virtual Summit Day 5

Cisco COVID-19 Survey