cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Validation of CTL file on phones with e-tokens

tschafferx
Beginner
Beginner

Hello Cisco community,

 

I was wondering how a phone with an existing ITL file can validate a new CTL which has been signed by etokens? I would assume that it uses TVS in oder to verify the signer (e-token). However I couldn't find these etokens in CUCM under the certificate trust stores. Does anyone know how the phone verifies the CTL and where the etokens reside on CUCM.

 

Thank you!

1 REPLY 1

tschafferx
Beginner
Beginner

For everyone that's interested. I verified the behavior with Phone Console logs and TVS traces.

The phone contacts TVS and requests it to verify the signer of the CTL (in that case e-token).

TVS is able to find the e-token (signer) in CUCM with a Role = 0 (meaning SAST).

I haven't found the exact location of where CUCM stores these e-tokens. Yet we can conclude that CUCM is able to verify the signer even tough these e-tokens don't show up on the OS GUI.

 

If anyone knows where they reside, I would be happy to find out.

 

Thank you.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: