This document is meant to assist with configuring LSC provisioning on an Adaptive Security Appliance (ASA) running the Phone Proxy (PP) feature. It is meant specifically for the 7960 or 7940 phones which do not come with a Manufacturer Installed Certificate (MIC) and need to use a Locally Significant Certificate (LSC) to register securely with PP. This also assumes that you are running a nonsecure Cisco Unified Call Manager (CUCM).
Familiar with the ASA CLI
Familiar with CUCMs’ management interface
ASA and CUCM clocks are set to the correct time.
Ensure that you meet these requirements before you attempt this configuration:
The phone you are using is able to register on the inside of the ASA.
CUCM 6.x, 7.x, 8.0.x
ASA 8.0.4 or later with phone proxy configured.
Secure USB tokens are NOT required.
The Steps for configuration are outlined below:
1)Configure CUCM to provision a LSC
Cisco Unified Serviceability > Tools > Service Activation
Select Cisco CTL Provider
Select Cisco Certificate Authority Proxy Function (CAPF)
2)Copy the CAPF Certificate from the CUCM
Cisco Unified OS Administrator
Security > Certificate Management > Find
Click on CAPF.pem
Download the CAPF.pem file
3)Create a trustpoint and import the cert on the ASA
On ASA cli
PhoneProxyASA(config)# crypto ca trustpoint capf_trustpoint
Are you responsible for risk management, compliance management and auditing of a network?
If so, we’d like to speak with you to learn your current processes of enforcing compliance and managing risk to help us develop services that will ...
Hello All, ASA 8.X: AnyConnect Start Before Logon Feature Configuration - CiscoThe above Link mentions SBL Feature for Windows Client.Can anybody help me how to enable SBL feature for Linux to activate?Best Regards
Hi all, Hope you are doing well! I'm currently setting up a Cisco 1010 FirePower with FDM and have an issue with the RA VPN (fairly small network). Upon connecting to the VPN I would like to be able to access the FDM web console, however I canno...
Greetings, Our company sold one of our branch and only a specific OU needs to be redirected to a new domain while they complete a full turn-over with their clients and distributors. Is there a way from the Hosted CES to query securily the AD for...
Hello.My company is requesting to remove all native Java software from our PC's and servers.They have suggested a few alternatives to use. Wondering if anyone has used these and if they allow the CTC to work?= Adopt OpenJDK=Evergreen OpenJDK =Am...