06-20-2025 07:51 AM - edited 06-23-2025 12:07 AM
Our client wants to set up SIP OAuth for IP phones to encrypt media and signaling. They want to use a self-signed certificate for this setup. How do we set it up?
I am planning to follow the following guide:
Security Guide for Cisco Unified Communications Manager Release 14 and SUs - SIP OAuth Mode [Cisco Unified Communications Manager (CallManager)] - Cisco
But as I mentioned, the client wants to try with a self-signed certificate at the moment. So what root certificates do we need to upload to the "Phone Edge Trust" store? Since it is self-signed, there won't be any CA root certificate. So do I need to upload both the Tomcat and Tomcat-EC certificates as root to the "Phone Edge Trust" store?
06-22-2025 11:31 PM
Please help me in this regard. Is this achievable?
06-23-2025 04:14 AM
I don't know about SIP OAuth for phones, but I want to advise on the certificates. You can have a Windows Server Active Directory domain certificate sign the certificate. The root certificate of this internal Certificate Authority must be uploaded to the trust stores of CUCM (Tomcat trust store, CallManager trust store, Phone trust store).
06-23-2025 04:28 AM - edited 06-23-2025 04:40 AM
Thank you for the reply.
In the document it is mentioned as below:
"You can generate and download the self-signed Tomcat and Tomcat-EC certificates, or CA signed root certificate, and then upload this certificate as the Phone-Edge-Trust certificates on the Unified Communications Manager system. The IP Phones can accept a maximum of 16 Phone-Edge-Trust certificates."
I downloaded both Tomcat and Tomcat-EC and then uploaded them to the Phone-Edge-Trust of the publisher. I cannot see the same on the subscriber, so I didn't upload there.
I'm now getting "the token request failed" in the 7841 phone status messages while registering, and it is stuck in the registration process. There is no document related to this error.
06-23-2025 01:09 PM
To distribute a certificate from a publisher to a subscriber, make use of a multi-SAN certificate. For the token error, I suspect a certificate mismatch. Try to use an internal CA to sign the certificate and test.