Validation of CTL file on phones with e-tokens

tschafferx
Level 1

Hello Cisco community,

I was wondering how a phone with an existing ITL file can validate a new CTL which has been signed by etokens? I would assume that it uses TVS in order to verify the signer (e-token). However, I couldn't find these etokens in CUCM under the certificate trust stores. Does anyone know how the phone verifies the CTL and where the etokens reside on CUCM?

Thank you!


tschafferx
Level 1

For everyone that's interested. I verified the behavior with Phone Console logs and TVS traces.

The phone contacts TVS and requests it to verify the signer of the CTL (in that case e-token).

TVS is able to find the e-token (signer) in CUCM with a Role = 0 (meaning SAST).

I haven't found the exact location of where CUCM stores these e-tokens. Yet we can conclude that CUCM is able to verify the signer even though these e-tokens don't show up on the OS GUI.

If anyone knows where they reside, I would be happy to find out.

Thank you.