About Cisco CTL Setup
Device, file, and signaling authentication rely on the creation of the Certificate Trust List (CTL) file, which is created when you install and configure the Cisco Certificate Trust List (CTL).
The CTL file contains entries for the following servers or security tokens:
System Administrator Security Token (SAST)
Cisco CallManager and Cisco TFTP services that are running on the same server
Certificate Authority Proxy Function (CAPF)
The CTL file contains a server certificate, public key, serial number, signature, issuer name, subject name, server function, DNS name, and IP address for each server.
After you create the CTL file, you must restart the Cisco CallManager and Cisco TFTP services in Cisco Unified Serviceability on all nodes that run these services. The next time that the phone initializes, it downloads the CTL file from the TFTP server. If the CTL file contains a TFTP server entry that has a self-signed certificate, the phone requests a signed configuration file in .sgn format. If no TFTP server contains a certificate, the phone requests an unsigned file.
- utils ctl set-cluster mixed-mode
- Updates the CTL file and sets the cluster to mixed mode.
- utils ctl set-cluster non-secure-mode
- Updates the CTL file and sets the cluster to non-secure mode.
- utils ctl update CTLFile
- Updates the CTL file on each node in the cluster.
When you configure a firewall in the CTL file, you can secure a Cisco ASA Firewall as part of a secure Unified Communications Manage system. It displays the firewall certificate as a "CCM" certificate.