Specifications
Setting Up Secure SRST
Information About Setting Up Secure SRST
Cisco IOS Survivable Remote Site Telephony Version 3.4 System Administrator Guide
SRST Routers and PKI
The transfer of certificates between an SRST router and Cisco CallManager is mandatory for secure
SRST functionality. Public key infrastructure (PKI) commands are used to generate, import, and export
the certificates for secure SRST. Table 7 shows the Cisco IP phones that secure SRST supports and the
appropriate certificate for each phone. The “Importing Phone Certificate Files in PEM Format to the
Secure SRST Router” section on page 114 contains information about, and configurations for,
generating, importing, and exporting certificates with PKI commands.
Table 7 Supported Cisco IP Phones and Certificates

Cisco IP Phone 7940
The phone receives a locally significant certificate (LSC) from Certificate Authority Proxy Function (CAPF) in Distinguished Encoding Rules (DER) format.
• 59fe77ccd.0
The filename may change based on the CAPF certificate subject name and the CAPF certificate issuer.
If Cisco CallManager is using a third-party certificate provider, there can be multiple .0 files (from two to ten). Each .0 certificate file must be imported individually during the configuration.
Manual enrollment supported only.

Cisco IP Phone 7960
The phone receives a locally significant certificate (LSC) from Certificate Authority Proxy Function (CAPF) in Distinguished Encoding Rules (DER) format.
• 59fe77ccd.0
The filename may change based on the CAPF certificate subject name and the CAPF certificate issuer.
If Cisco CallManager is using a third-party certificate provider, there can be multiple .0 files (from two to ten). Each .0 certificate file must be imported individually during the configuration.
Manual enrollment supported only.

Cisco IP Phone 7970
The phone contains a manufacturing installed certificate (MIC) used for device authentication. If the Cisco 7970 implements MIC, two public certificate files are needed:
• CiscoCA.pem (Cisco Root CA, used to authenticate the certificate)
• a69d2e04.0, in Privacy Enhanced Mail (PEM) format
If Cisco CallManager is using a third-party certificate provider, there can be multiple .0 files (from two to ten). Each .0 certificate file must be imported individually during the configuration.
Manual enrollment supported only.
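Table 7 mixes DER and PEM certificate files, and each file must be imported individually. The following sketch is an added example, not part of the Cisco guide: it normalizes each file to PEM and rejects files whose DER framing does not match their size before anything is imported. The helper names are hypothetical, the file names are the ones shown in Table 7, and the file contents are constructed stand-ins rather than real certificates.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_total_length(data: bytes) -> int:
    """Length in bytes that the outer DER SEQUENCE header declares."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or len(data) < 2 + n:
        raise ValueError("unsupported or cut-off DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_pem(data: bytes) -> str:
    """Normalize one certificate file (DER or PEM) to PEM text."""
    if data.lstrip().startswith(PEM_HEADER):
        der = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    else:
        der = data
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    return ssl.DER_cert_to_PEM_cert(der)

def prepare_imports(files: dict) -> list:
    """One (filename, PEM) pair per file, since each file is imported on its own."""
    return [(name, to_pem(blob)) for name, blob in sorted(files.items())]

# Constructed stand-ins: correctly framed DER, not real certificates.
SAMPLE_FILES = {
    # DER input with a long-form length header
    "59fe77ccd.0": b"\x30\x82\x01\x00" + bytes(256),
    # input that is already PEM
    "a69d2e04.0": ssl.DER_cert_to_PEM_cert(b"\x30\x03\x02\x01\x05").encode(),
}

if __name__ == "__main__":
    for name, pem in prepare_imports(SAMPLE_FILES):
        print(f"--- {name} ---\n{pem}")
```

The framing check only confirms that the file is a complete DER object; it does not validate the certificate's signature or issuer.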