SRTP CUCM 7.X

Unanswered Question
Feb 10th, 2010

Hi,

I have a lab setup with Cisco UCM 7.0.2 and I have two phones registered to the CUCM, one SIP and one SCCP phone.

I have another 3rd party PBX with phones ringing these two phones. I want to enable SRTP and my main question is as follows:

To activate SRTP for the Cisco phones, do I need to set my CUCM to mixed mode?

Both Cisco phones have MIC certs installed on them, and looking at the settings on the phones it looks like the phones are in non-secure mode. I used the CTL client to see if I could change the CUCM to mixed mode, but I get a response saying I need a security token.

/Tom

Jaime Valencia Wed, 02/10/2010 - 12:28

You need 2 security tokens for that, if you don't have them it's impossible to enable encryption.

Configuring the Cisco CTL Client

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_1_2/secugd/secuauth.html

Before you configure the Cisco CTL Client, verify that you activated the Cisco CTL Provider service and the Cisco Certificate Authority Proxy Function service in Cisco Unified Serviceability. Obtain at least two security tokens; the Cisco certificate authority issues these security tokens. The security tokens must come from Cisco. You will insert the tokens one at a time into the USB port on the server/workstation. If you do not have a USB port on the server, you may use a USB PCI card.

HTH

java

If this helps, please rate

www.cisco.com/go/pdihelpdesk

tommyphelan Thu, 02/11/2010 - 01:15

Thanks for the speedy response, Java.

I have one more question to clarify things for me.

I understand now that I need two security tokens to enable mixed mode for the CUCM.

Is it necessary to put LSC certs onto the phone also for SRTP, or should the MIC certs suffice?

Eugene Zuevski Thu, 10/25/2012 - 07:20

Is it possible to use security tokens in a VMware environment installation? This refers to CUCM 9.0.

Robert Thomas Thu, 10/25/2012 - 07:27

I think you can use the same CTL for VMware; consider that the USB will be connected to the admin PC with the CTL client software, not the server itself.

The CTL client will insert the certs into the CUCM cluster.

Sent from Cisco Technical Support iPhone App

jeffrdix Fri, 07/02/2010 - 07:34

It is strongly recommended that you use LSCs as opposed to MICs.

Tip

Cisco recommends that you use manufacturer-installed certificates (MICs) for LSC installation only. Cisco supports LSCs to authenticate the TLS connection with Cisco Unified Communications Manager. Because MIC root certificates can be compromised, customers who configure phones to use MICs for TLS authentication or for any other purpose do so at their own risk. Cisco assumes no liability if MICs are compromised.
