Creating the CTL file – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

Prerequisites

Import the required certificates, which are stored on the Cisco UCM. See Certificates from the Cisco UCM, page 48-7 and Importing Certificates from the Cisco UCM, page 48-15.

What to Do Next

Once you have created the trustpoints and generated the certificates, create the CTL file for the phone proxy. See Creating the CTL File, page 48-18.

If you are configuring the phone proxy in a mixed-mode cluster, you can use an existing CTL file. See Using an Existing CTL File, page 48-20.

Creating the CTL File

Create the CTL file that will be presented to the IP phones during the TFTP requests.

Step 1
Command: hostname(config)# crypto key generate rsa label key-pair-label modulus size
Example: crypto key generate rsa label cucmtftp_kp modulus 1024
Purpose: Creates a keypair that can be used for the trustpoints.

Step 2
Command: hostname(config)# crypto ca trustpoint trustpoint_name
Example: crypto ca trustpoint cucm_tftp_server
Purpose: Creates the trustpoints for each entity in the network (primary Cisco UCM, secondary Cisco UCM, and TFTP server).
Note: You are only required to create a separate trustpoint for the TFTP server when the TFTP server resides on a different server from the Cisco UCM. See Example 3: Mixed-mode Cisco UCM cluster, Cisco UCM and TFTP Server on Different Servers, page 48-46 for an example of this configuration.

Step 3
Command: hostname(config-ca-trustpoint)# enrollment self
Purpose: Generates a self-signed certificate.

Step 4
Command: hostname(config-ca-trustpoint)# keypair keyname
Example: keypair cucmtftp_kp
Purpose: Specifies the keypair whose public key is being certified.

Step 5
Command: hostname(config-ca-trustpoint)# exit
Purpose: Exits from the Configure Trustpoint mode.

Step 6
Command: hostname(config)# crypto ca enroll trustpoint
Example: crypto ca enroll cucm_tftp_server
Purpose: Requests the certificate from the CA server and causes the ASA to generate the certificate.
When prompted to include the device serial number in the subject name, type Y to include the serial number or type N to exclude it.
When prompted to generate the self-signed certificate, type Y.
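The keypair label (Step 1, Step 4) and the trustpoint name (Step 2, Step 6) must match across steps, and names such as cucmtftp_kp and cucm_tftp_server are easy to mistype. The following Python lint is an added example, not part of the Cisco guide: it checks a planned command script for Steps 1 through 6 before it is entered on the ASA. The function name lint_ctl_prep, the sample script and the min_modulus policy threshold are assumptions made for this illustration.

```python
import re

# Constructed sample: the example commands from Steps 1-6 as one script.
SAMPLE = """\
crypto key generate rsa label cucmtftp_kp modulus 1024
crypto ca trustpoint cucm_tftp_server
 enrollment self
 keypair cucmtftp_kp
 exit
crypto ca enroll cucm_tftp_server
"""

def lint_ctl_prep(script, min_modulus=2048):
    """Return findings; min_modulus is a local policy value (assumption)."""
    keys, tps, enrolled, cur = {}, {}, set(), None
    for line in map(str.strip, script.splitlines()):
        if m := re.fullmatch(r"crypto key generate rsa label (\S+) modulus (\d+)", line):
            keys[m[1]], cur = int(m[2]), None           # Step 1
        elif m := re.fullmatch(r"crypto ca trustpoint (\S+)", line):
            cur = tps.setdefault(m[1], {"self": False, "keypair": None})  # Step 2
        elif m := re.fullmatch(r"crypto ca enroll (\S+)", line):
            enrolled.add(m[1])                          # Step 6
            cur = None
        elif line == "exit":
            cur = None                                  # Step 5
        elif cur is not None and line == "enrollment self":
            cur["self"] = True                          # Step 3
        elif cur is not None and (m := re.fullmatch(r"keypair (\S+)", line)):
            cur["keypair"] = m[1]                       # Step 4
    out = []
    for label, bits in keys.items():
        if bits < min_modulus:
            out.append(f"keypair {label}: modulus {bits} below policy minimum {min_modulus}")
    for name, tp in tps.items():
        if not tp["self"]:
            out.append(f"trustpoint {name}: missing 'enrollment self'")
        if tp["keypair"] is None:
            out.append(f"trustpoint {name}: no keypair specified")
        elif tp["keypair"] not in keys:
            out.append(f"trustpoint {name}: keypair {tp['keypair']} was never generated")
        if name not in enrolled:
            out.append(f"trustpoint {name}: never enrolled")
    for name in sorted(enrolled - set(tps)):
        out.append(f"enroll {name}: trustpoint not defined")
    return out

if __name__ == "__main__":
    print("\n".join(lint_ctl_prep(SAMPLE)) or "no findings")
```

Pass min_modulus explicitly to match the key size your deployment requires; the default of 2048 is a policy choice made for this example, not a value taken from the guide.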
