Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

CAPF proxy to external CA

CAPF.png

Hi my friends,

i am currently having some issue with the CAPF function on call manager 8.6. In version 4.x and 5.x (except 5.0), the CAPF can proxy the phone certification sign request to an external CA. But in the new version, I can't find this option in the CAPF service parameters. is it supported in the new versions? Can someone provide any documentation? Thanks.

Best Regards,

Guofang

Everyone's tags (5)
2 REPLIES
Cisco Employee

CAPF proxy to external CA

Hello,

  Are you planning on making you cluster secure?  Cisco Unified Communications Manager does not automatically activate the Certificate Authority Proxy Function service in Cisco Unified Serviceability.  Be sure to turn that on.  Then Generate a CSR for CAPF and have a CA sign it.  The cert that is signed by the CA will be a leaf cert.  You need to upload an identity cert from the CA as the root with CAPF-trust.  Then upload any intmedary certs as CAPF-trust also.  Then upload the leaf as CAPF.  After that you need to update the CTL file.  Make sure all the phones have the LSC before switching the phones to encrypted.

Thanks,

Anthony


New Member

CAPF proxy to external CA

I know that this is an old topic but I wonder if doing what Anthony suggested is enough to proxy phone LSC requests to the external CA? Isn't there anything else that needs to be setup? I want to use an external CA because of the option to revoke LSCs that are also used for 802.1x identity access.

Kr,

Alex.

867
Views
0
Helpful
2
Replies
CreatePlease login to create content