To enable TLS, install an X.509 certificate on both Content Server 7.2.1 and CUCM. This certificate can be CA-signed or self-signed.
For a CA-signed certificate, generate a private key and a Certificate Signing Request (CSR) using OpenSSL and have it signed by an authorized CA. Using the private key and the CA-signed certificate, execute the following commands:
openssl pkcs12 -inkey <private_key.key> -in <CA_signed_Certificate.pem> -export -out <cert.pfx>
openssl pkcs12 -in <cert.pfx> -nodes -out <tcs.pem>
Upload tcs.pem on TCS from the Site Settings page, and upload CA_signed_Certificate.pem on CUCM.
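The CA-signed path above, as an added shell example (not part of the original Cisco document): it creates the key and CSR, runs the two pkcs12 commands, and checks that the certificate and private key in tcs.pem belong together before upload. The CN, the pass phrase, the tcs.csr file name and the self-signing step that stands in for the CA are assumptions made so the example runs offline.

```shell
#!/bin/sh
# Added example. Function names, CN and pass phrase are constructed placeholders.

# make_tcs_pem DIR CN: writes DIR/tcs.pem using the two pkcs12 commands from the page.
make_tcs_pem() {
    dir=$1; cn=$2
    pass='constructed-passphrase'   # placeholder; choose your own
    # Private key and CSR (the page names this step but gives no command).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/private_key.key" -out "$dir/tcs.csr" 2>/dev/null || return 1
    # Stand-in for the CA (assumption): sign the CSR with its own key.
    # In a real deployment, send tcs.csr to the CA and use the certificate it returns.
    openssl x509 -req -in "$dir/tcs.csr" -signkey "$dir/private_key.key" \
        -days 365 -out "$dir/CA_signed_Certificate.pem" 2>/dev/null || return 1
    # Command 1 from the page: bundle key and certificate into PKCS#12.
    openssl pkcs12 -inkey "$dir/private_key.key" -in "$dir/CA_signed_Certificate.pem" \
        -export -out "$dir/cert.pfx" -passout "pass:$pass" || return 1
    # Command 2 from the page. -nodes leaves the private key unencrypted in
    # tcs.pem, so the file is created readable by its owner only.
    (umask 077; openssl pkcs12 -in "$dir/cert.pfx" -nodes -out "$dir/tcs.pem" \
        -passin "pass:$pass" 2>/dev/null) || return 1
}

# check_tcs_pem FILE: succeeds only if the certificate and the private key in
# FILE share one public key; prints the subject and expiry date on success.
check_tcs_pem() {
    pem=$1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$pem" -noout -subject -enddate
}
```

Run `make_tcs_pem <dir> <common-name>` and then `check_tcs_pem <dir>/tcs.pem`; a non-zero exit from the check means the certificate and key do not match.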
For a self-signed certificate, use TCSCertGen.cmd, available in the SIPTLS_SS_Certificate_Generator directory of the TCS 7.2.1 package downloaded from CCO. TCSCertGen.cmd uses OpenSSL to generate a self-signed certificate. Open a command prompt as an administrator and do the following:
Step 1 Go to the SIPTLS_SS_Certificate_Generator directory path where the TCS 7.2.1 package is placed.
Step 2 Launch TCSCertGen.cmd to generate the self-signed certificate.
Step 3 Provide information such as Location, Password to protect the certificate, and Common Name.
Note Common Name is the name of the system where Content Server 7.2.1 is installed.
TCSCertGen.cmd generates two certificates: CUCM.pem (to be uploaded on CUCM) and tcs.pem (to be uploaded on TCS).
Figure 17-1 TCSCertGen.cmd
Configure Secure SIP on TelePresence Content Server
To configure secure SIP over TCP, follow these steps:
Step 1 Log in to Cisco TCS
Step 2 Click
Step 3 Navigate to Management > Configuration > Site Settings.
Step 4 In the SIP settings section, check the SIP enabled checkbox.
Step 5 Enter the SIP display name and SIP address (URI).
Step 6 Select Trunk as the SIP Registration mode.
Note Secure SIP signaling is supported only when TCS is registered in Trunk mode with CUCM.
Step 7 Select the Trunk Polling Interval.
Step 8 Enter the CUCM address in Server address.
Step 9 Select TCP as the Transport protocol and check the TLS checkbox.
Note Secure SIP signaling is supported when packets are sent using TLS over TCP.
Step 10 To upload the certificate (here, the tcs.pem generated in the Certificates section), click the Upload TLS certificate for Secure SIP link and browse to the certificate path. (When no certificate is uploaded on Content Server, the TLS Certificate Details field displays “TLS certificate not available”.)
Figure 17-2 TLS Certificate upload window
Note When the certificate is successfully uploaded, the message Certificate upload successful is displayed.
Step 11 After the certificate is uploaded, the TLS Certificate Details field displays the Common Name and Validity date of the installed certificate.
Figure 17-3 SIP Settings for enabling TLS