i am currently having some issue with the CAPF function on call manager 8.6. In version 4.x and 5.x (except 5.0), the CAPF can proxy the phone certification sign request to an external CA. But in the new version, I can't find this option in the CAPF service parameters. is it supported in the new versions? Can someone provide any documentation? Thanks.
Are you planning on making you cluster secure? Cisco Unified Communications Manager does not automatically activate the Certificate Authority Proxy Function service in Cisco Unified Serviceability. Be sure to turn that on. Then Generate a CSR for CAPF and have a CA sign it. The cert that is signed by the CA will be a leaf cert. You need to upload an identity cert from the CA as the root with CAPF-trust. Then upload any intmedary certs as CAPF-trust also. Then upload the leaf as CAPF. After that you need to update the CTL file. Make sure all the phones have the LSC before switching the phones to encrypted.
I know that this is an old topic but I wonder if doing what Anthony suggested is enough to proxy phone LSC requests to the external CA? Isn't there anything else that needs to be setup? I want to use an external CA because of the option to revoke LSCs that are also used for 802.1x identity access.
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...