manufacturing-installed certificate (MIC) for ccm 5.x phone

Unanswered Question
Jun 14th, 2007

The following is quoted from the above link. My question is

1. How do I know that phone contains it already?

2. How can we get the phone which contains it already? When we order the phone?



If the phone contains a manufacturing-installed certificate (MIC) or a locally significant certificate (LSC), the phone contains a public and private key pair.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
thisisshanky Thu, 06/14/2007 - 07:28

Almost all new gen phones such as 7970/71/61/41 contain a MIC. LSC can be installed on phones after converting the cluster to Mixed mode and you can install/upgrade a LSC under each phone from under the device configuration phone. LSC will override any MICs that are on the phone (factory installed). Or if you dont want to install a MIC, you can simply convert the phone security mode to Secure.



PS: please remember to rate posts!

ciscoforum Thu, 06/14/2007 - 11:22

New to phone security. What's the difference between MIC and LSC? Which one do we prefer?

thisisshanky Thu, 06/14/2007 - 12:09

MIC comes installed on the phones i mentioned earlier. This is a permanent to the phone and cannot be changed. Now LSC is something you can install on the phone and can be erased and re-written with a new one if you want to. LSC always takes precedence over MIC. Now why do we need both ? Good question. If LSC gets compromised, then you can change the auth mode to "By Existing Certifcicate (Precedence to MIC)" and this will case the phone to start using the MIC for authentication. Think of MIC as a backup which can be used for authentication.



PS: please remember to rate posts!

ciscoforum Fri, 06/15/2007 - 06:59

Is there a link specifially talk about how they work in detail? Thanks


This Discussion