Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

EMCC and 3rd Party certificates


I have a question regarding PKI certificates on EMCC. I am trying to determine the advantages and disadvantages of using 3rd party certificates with EMCC.


The organisation's CUCM clusters are running in normal (unsecure mode), not mixed mode.

The organisation has an existing internal PKI system, with heirachical CAs (e.g. Root CA and separate Issuing CAs).

With regard to the certificate consolidation process when configuring EMCC, if you were to replace the CUCM and tomcat certificates with certs that we issued by the organisations CA, and the Root CA was installed as a trusted CA, would that then result in all CUCM nodes and phones trusting all other nodes from remote clusters that also trusted the Root CA?

The advantage of this would be that you would not need to re-run the certificate Consolidation/import process on every cluster each time a new node is added...

Or, does the EMCC feature implementation require that the individual certificate that is being used by the remote cluster's tomcat and tftp services is directly imported via the bulk consolidation and import process documented in the config guide. I suspect this would mean there is little advantage in using the certificates generated by the internal PKI system, when not using SRTP.

Thanks in advance for your help.