cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
414
Views
5
Helpful
3
Replies
Tritium11
Beginner

Trusted Root Stores - Voip Devices - Certificates - PKI

Hi Everyone,

 

I had a question about what certificates or trust stores to use. I am not well versed in certificates so I am hoping someone here can clarify things or point me to some documentation. 

 

We use Cisco's VOIP phones and ATA's that use the multiplatform firmware. I found the PKI site that has a lot of different certificates and it looks like the Trust Stores are bundles of certificates. Listed here: https://www.cisco.com/security/pki/

 

Is there any documentation as to which certs or cert bundles encompasses cisco's voip products. I have an ATA191 that we found needs the Cisco Manufacturing CA (cmca2) cert and the Cisco Root CA M2 (crcam2) cert to be loaded in the browser. But I do not know if this is ideal or will be valid for other hardware. 

 

I see that there are 3 different trusted root stores. Core, Union and External but I do not know what this means. If anyone can clarify that would be great.

 

3 REPLIES 3
Geovani Goncalves
Cisco Employee

Hi there, 

Please download the Client Root Certificates bundle from CDA https://software.cisco.com/software/cda/home

Hi Geovani,

 

Thank you for that link. I registered as certificate manager and downloaded the Combined Client root certificate for SPA phones, ATAs and CP-78xxx-3PCC/CP-88xx-3pcc phone.

 

I removed the  Cisco Manufacturing CA (cmca2) cert and the Cisco Root CA M2 (crcam2) certs and installed the Combined Client root certificate.

 

Then tried to hit the webpage of a Cisco ATA 19X and it didn't work. What am I missing?

Geovani Goncalves
Cisco Employee

Hi, 

What are you trying to achieve? Sign  the ATA client certificate? So when you log in using HTTPS you wont get a cert trust error?

If thats the case, then it won't work. The ATA or any other MPP devices do not support that yet. 

Thanks 

Geovani 

Create
Recognize Your Peers
Content for Community-Ad