Dear all,
I try to register 7941G phone, (firwware=SCCP41.9-1-1SR1S) with MIC to CME with 12.4(20)T2 in UC 500, I already set up the CA, tftp-server, cme-server, capf-server, sast1,
but no work, here is the configuration, Please advise, many thanks.
Regards,
James
!
hostname CCME
!
clock timezone JP 9
!
crypto pki server cme-ca
grant auto
database url flash:
!
crypto pki trustpoint TP-self-signed-3097569863
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3097569863
revocation-check none
rsakeypair TP-self-signed-3097569863
!
crypto pki trustpoint cme-ca
enrollment url http://192.168.20.1:80
revocation-check crl
rsakeypair skey 1024 1024
!
crypto pki trustpoint capf-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint cme-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint tftp-server
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
crypto pki trustpoint sast1
enrollment url http://192.168.20.1:80
serial-number
revocation-check none
rsakeypair skey 1024 1024
!
!
crypto pki certificate chain TP-self-signed-3097569863
certificate self-signed 01
308201FB 30820164....
quit
crypto pki certificate chain cme-ca ---> this is CA
certificate ca 01
308201FB.....
quit
crypto pki certificate chain capf-server --->Capf
certificate 03
308201FF......
quit
certificate 02
308201FF......
quit
certificate ca 01
308201FB......
quit
crypto pki certificate chain cme-server --> CMe server
certificate 05
308201FF......
quit
certificate 04
308201FF......
quit
certificate ca 01
308201FB......
quit
crypto pki certificate chain tftp-server --->tftp server
certificate 07
308201FF......
quit
certificate 06
308201FF......
quit
certificate ca 01
308201FB......
quit
crypto pki certificate chain sast1 ---> sast1
certificate 09
308201FF......
quit
certificate 08
308201FF......
quit
certificate ca 01
308201FB......
quit
!
ctl-client
server cme 192.168.20.1 trustpoint cme-server
server tftp 192.168.20.1 trustpoint tftp-server
server capf 192.168.20.1 trustpoint capf-server
sast1 trustpoint sast1
!
capf-server
port 3804
auth-mode null-string
cert-enroll-trustpoint cme-ca password 1 11584B5643475D5B5C
trustpoint-label capf-server
source-addr 192.168.20.1
!
!
ip http server
no ip http secure-server
ip http path flash:/gui
!
!
telephony-service
secure-signaling trustpoint cme-server
cnf-file perphone
tftp-server-credentials trustpoint tftp-server
server-security-mode non-secure
create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
ephone-dn 1 dual-line
number 178
!
ephone 6
device-security-mode authenticated
mac-address 0017.95B0.E733
type 7941
button 1:1
!
___________________________________________________________
CCME#show capf-server summary
CAPF Server Configuration Details
Trustpoint for TLS With Phone: capf-server
Trustpoint for CA operation: cme-ca
Source Address: 192.168.20.1
Listening Port: 3804
Phone Key Size: 1024
Phone KeyGen Retries: 3
Phone KeyGen Timeout: 30 minutes
Device Authentication Mode: Null-String
___________________________________________________________
CCME#sh ctl-client
CTL Client Information
----------------------
SAST 1 Certificate Trustpoint: sast1
SAST 1 Certificate Trustpoint:
List of Trusted Servers in the CTL
CME 192.168.20.1 cme-server
TFTP 192.168.20.1 tftp-server
CAPF 192.168.20.1 capf-server
_______________________________________________________________
CCME#sh ver
Cisco IOS Software, UC500 Software (UC500-ADVIPSERVICESK9-M), Version 12.4(20)T2
, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
________________________________________________________________
CCME#sh telephony-service security-info
Skinny Server Trustpoint for TLS: cme-server
TFTP Credentials Trustpoint: tftp-server
Server Security Mode: Non Secure
Global Device Security Mode: Non-Secure
CCME#
Phone=CP7941G
firwware=SCCP41.9-1-1SR1S
