Importing Certificates from the Cisco UCM – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 48 Configuring the Cisco Phone Proxy

Configuring the Phone Proxy

Creating the TLS Proxy for a Mixed-mode Cisco UCM Cluster, page 48-21

Creating the Media Termination Instance, page 48-22

Creating the Phone Proxy Instance, page 48-23

Enabling the Phone Proxy with SIP and Skinny Inspection, page 48-25

Configuring Linksys Routers with UDP Port Forwarding for the Phone Proxy, page 48-26

Task Flow for Configuring the Phone Proxy in a Non-secure Cisco UCM Cluster

Follow these tasks to configure the phone proxy in a Non-secure Cisco UCM Cluster:

Step 1

Create trustpoints and generate certificates for each entity in the network (Cisco UCM, Cisco UCM and TFTP, TFTP server, CAPF) that the IP phone must trust. The certificates are used in creating the CTL file. See Creating Trustpoints and Generating Certificates, page 48-17.

Note

Before you create the trustpoints and generate certificates, you must have imported the required certificates, which are stored on the Cisco UCM. See Certificates from the Cisco UCM, page 48-7 and Importing Certificates from the Cisco UCM, page 48-15.

Step 2

Create the CTL file for the phone proxy. See Creating the CTL File, page 48-18.

Step 3

Create the TLS proxy instance. See Creating the TLS Proxy Instance for a Non-secure Cisco UCM Cluster, page 48-20.

Step 4

Create the media termination instance for the phone proxy. See Creating the Media Termination Instance, page 48-22.

Step 5

Create the phone proxy instance. See Creating the Phone Proxy Instance, page 48-23.

Step 6

Enable the phone proxy with SIP and Skinny inspection. See Enabling the Phone Proxy with SIP and Skinny Inspection, page 48-25.

Importing Certificates from the Cisco UCM

To complete the TLS handshake successfully, the TLS proxy used by the phone proxy must verify the certificates from the IP phone (and from the Cisco UCM, if doing TLS with Cisco UCM). Validating the IP phone certificate requires the CA Manufacturer certificate, which is stored on the Cisco UCM. Follow these steps to import the CA Manufacturer certificate to the ASA.

Step 1

Go to the Cisco UCM Operating System Administration web page.

Step 2

Choose Security > Certificate Management.

Note

Earlier versions of Cisco UCM have a different UI and way to locate the certificates. For example, in Cisco UCM version 4.x, certificates are located in the directory C:\Program Files\Cisco\Certificates. See your Cisco Unified Communications Manager (CallManager) documentation for information about locating certificates.
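
The following is an added example, not text from the Cisco guide: one way the CA Manufacturer certificate exported from the Cisco UCM can be installed as a trust anchor on the ASA with terminal (copy-and-paste) enrollment. The trustpoint name CUCM_MFG_CA is a hypothetical name chosen here, and the certificate body is a placeholder for the PEM text downloaded from the Cisco UCM.

```cisco
! Added example: manual (terminal) import of a CA certificate on the ASA.
! CUCM_MFG_CA is a hypothetical trustpoint name, not one defined by the guide.
configure terminal
!
! 1. Create a trustpoint that takes its CA certificate from pasted text
!    instead of contacting a CA over the network.
crypto ca trustpoint CUCM_MFG_CA
 enrollment terminal
 exit
!
! 2. Install the CA certificate into that trustpoint. Paste the
!    base64 (PEM) text exported from the Cisco UCM Certificate Management
!    page, then end the input with the word "quit" on a line by itself.
crypto ca authenticate CUCM_MFG_CA
-----BEGIN CERTIFICATE-----
<placeholder: base64 body of the CA Manufacturer certificate>
-----END CERTIFICATE-----
quit
!
! The ASA shows the certificate fingerprint and asks whether to accept it.
! Compare that fingerprint with the one obtained independently from the
! Cisco UCM before accepting: every IP phone certificate that chains to
! this CA will be trusted by the TLS proxy once the trustpoint is in place.
!
! 3. Confirm what was installed (subject, issuer, validity dates).
end
show crypto ca certificates CUCM_MFG_CA
```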
