Uploading Certificates to Cisco Unified Communications Manager
Procedure
Step 1 In Cisco Unified Operating System Administration, select Security > Certificate Management.
Step 2 Select Upload Certificate.
Step 3 Cisco Unified Communications Manager 7.x: Select Phone-trust from the Certificate Name list box.
Cisco Unified Communications Manager 8.x or later: Select Phone-CTL-trust from the Certificate Name list box.
Step 4 Enter a description for the certificate in the Description field.
For example, enter Unity Connection Tomcat Certificate or Unity IIS Certificate.
Step 5 Enter the path to the certificate you downloaded in the Upload File field.
Step 6 Select Upload File.
Step 7 Select Close.
Signing the CTL File on Cisco Unified Communications Manager
Before You Begin
You must sign the CTL file. To do this, you need at least one security eToken. If this is the first time that the CTL file is being signed, you need two security eTokens.
The purpose of running the Cisco CTL Client plug-in is to sign the CTL file. This process does not configure secure messaging for Cisco Unified Communications Manager, or change Cisco Unified Communications Manager to secure mode or mixed mode.
The CTL file is signed so that the IP phone trusts the voicemail server certificate in the CTL file and can establish secure HTTPS connections to the voicemail server.
Note: Even if the phones already had a CTL installed, you must sign the modified CTL file after you upload the certificate to the Cisco Unified Communications Manager.
For more information about the Cisco CTL Client plug-in, see the Cisco Unified Communications Manager Security Guide at the following URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_maintenance_guides_list.html
Procedure
Step 1 In Cisco Unified Communications Manager Administration, select Application > Plugins.
Step 2 Select Find.
Step 3 Download the Cisco CTL Client plug-in to your computer.
Step 4 Run the Cisco CTL Client installer application.
Step 5 Start the Cisco CTL Client application.
Step 6 Enter the details of the publisher server on the Cisco Unified Communications Manager Server tab, then select Next.
| Field | Description |
|---|---|
| Hostname or IP Address | Enter the Hostname or IP address of the Cisco Unified Communications Manager publisher server to which you uploaded the certificate in Uploading Certificates to Cisco Unified Communications Manager. |
| Port | Enter the port of the Cisco Unified Communications Manager publisher server to which you uploaded the certificate. The default value is 2444. You do not need to change this value. |
| Username | Enter the administrator username for the Cisco Unified Communications Manager Administration application. |
| Password | Enter the administrator password for the Cisco Unified Communications Manager Administration application. |
Step 7 Select Update CTL File on the Cluster Security Mode tab, then select Next.
A message box prompts you to insert a security token.
Step 8 Insert a security eToken into your computer, then select OK on the message box.
Select Add or Next on the Security Token Information tab.
Step 9 Check that the CTL file is listed on the CTL Entries tab.
Verify that the hostname or address that you entered in Step 6 is present in the Subject column of one of the entries.
Step 10 Select Finish.
If this is the first time that the CTL file is being signed, you are prompted to sign with two eTokens, as follows:
1. Select OK on the prompt message box.
2. Select Add Tokens on the CTL Entries tab.
3. Select OK on the prompt message box.
4. Remove the first eToken from your computer.
5. Insert the second security eToken into your computer.
6. Select Add on the Security Token Information tab.
7. Select Finish.
Step 11 Enter the password for the eToken in the Log On: eToken dialog box.
The default password for the eToken is provided with the eToken.
Step 12 Select OK.
Step 13 Select Done on the dialog box that shows the location of the CTL file.
Checking That the CTL File Is On 9971, 9951, or 8961 Phones in the System
The phones trust the certificates in the CTL file, so the phones can make secure connections to the server specified in the certificate.
Procedure
Step 1 Press the Settings button on any phone in the network.
Step 2 Select Administrator Settings.
Step 3 Select Security Setup.
Step 4 Select Trust List.
Step 5 Select CTL File.
Step 6 Check that the value of one of the Application Server entries is the hostname of the Cisco Unity or Cisco Unity Connection server.