For the phone-proxy to works properly does i need to put a certificate on the IP Phones?
The Locally Significant Certificate must be manually installed on the IP Phone. Installing the LSC requires the use of at least two USB eTokens and the CTL Client. The CTL Client is used to generate the necessary certificates on the CallManager. Once the CTL Provider and CAPF Services are activated on the cluster, the CTL Client can be run to generate the CTL file on the CallManager. Once this process completes it is then possible to set the "Certificate Operation" on the IP Phone to "Install/Upgrade" through the CCMAdmin Interface. This process must be used for all 7940/60 and older model IP Phones. Without the USB eToken and the CTL Client there is no way to install LSCs on IP Phones. The Part number for the USB eToken is: KEY-CCM-ADMIN-K9=
Note: Even if LSCs are deployed, the hard phone must first register and authenticate with a MIC since the phone-proxy does NOT allow auto-registration.