Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco CUCM eToken & PKI

After activating the eToken on the CUCM and can we request an SSL certificate to be signed by Microsoft Infrastructure PKI. Which we can reupload on the CUCM again ?


Request   an SSL certificate to be signed by Sidra Infrastructure PKI team

VIP Super Bronze

Re: Cisco CUCM eToken & PKI

If you are running the cluster in mixed mode you need to read the security guide and be crystal clear how this works. If you don't you could cause a serious outage. A quick answer on here is not a substitute for reading the doc on this one.

You can CA-sign the CAPF certificate as a subordinate CA if you wish. You would need to re-run the CTL client to regenerate the CTL after doing so. Be careful to create a certificate template with the appropriate extended capabilities for this (explained in the security guide)!

If you're referring to another certificate such as CCM+TFTP or tomcat, the answer is also yes. The first would require the CTL be updated while the second would require that you have the signing CA in the tomcat-trust and tvs-trust store to ensure the ITL works properly.

Please remember to rate helpful responses and identify helpful or correct answers.

CreatePlease to create content