Upload VPN Concentrator Certificates
Generate a certificate on the ASA when you set it up to support the VPN feature. Download the generated certificate to your PC or workstation and then upload it to Unified Communications Manager using the procedure in this section. Unified Communications Manager saves the certificate in the Phone-VPN-trust list.
The ASA sends this certificate during the SSL handshake, and the Cisco Unified IP Phone compares it against the values stored in the Phone-VPN-trust list.
The Cisco Unified IP Phone sends its Manufacturer Installed Certificate (MIC) by default. If you configure the CAPF service, the Cisco Unified IP Phone sends its Locally Significant Certificate (LSC).
To use device level certificate authentication, install the root MIC or CAPF certificate in the ASA, so that the Cisco Unified IP Phones are trusted.
To upload certificates to Unified Communications Manager, use the Cisco Unified OS Administration..
Procedure
Step 1 |
From Cisco Unified OS Administration, choose .The Certificate List window appears. |
Step 2 |
Click Upload Certificate. The Upload Certificate dialog box appears. |
Step 3 |
From the Certificate Purpose drop-down list, choose Phone-VPN-trust. |
Step 4 |
Click Browse to choose the file that you want to upload. |
Step 5 |
Click Upload File. |
Step 6 |
Choose another file to upload or click Close. For more information about certificate management, see Chapter 6, "Security," in the Cisco Unified Communications Operating System Administration Guide. |