user manual

91-17
Cisco Unified Communications Manager Administration Guide
OL-18611-01
Chapter 91 Cisco Unified IP Phone Configuration
Phone Configuration Settings
Authentication Mode This field allows you to choose the authentication method that the phone uses during the
CAPF certificate operation.
From the drop-down list box, choose one of the following options:
By Authentication String—Installs/upgrades, deletes, or troubleshoots a locally
significant certificate only when the user enters the CAPF authentication string on the
phone.
By Null String— Installs/upgrades, deletes, or troubleshoots a locally significant
certificate without user intervention.
This option provides no security; Cisco strongly recommends that you choose this option
only for closed, secure environments.
By Existing Certificate (Precedence to LSC)—Installs/upgrades, deletes, or troubleshoots
a locally significant certificate if a manufacture-installed certificate (MIC) or locally
significant certificate (LSC) exists in the phone. If a LSC exists in the phone,
authentication occurs via the LSC, regardless whether a MIC exists in the phone. If a MIC
and LSC exist in the phone, authentication occurs via the LSC. If a LSC does not exist in
the phone, but a MIC does exist, authentication occurs via the MIC.
Before you choose this option, verify that a certificate exists in the phone. If you choose
this option and no certificate exists in the phone, the operation fails.
At any time, the phone uses only one certificate to authenticate to CAPF even though a
MIC and LSC can exist in the phone at the same time. If the primary certificate, which
takes precedence, becomes compromised for any reason, or, if you want to authenticate
via the other certificate, you must update the authentication mode.
By Existing Certificate (Precedence to MIC)—Installs, upgrades, deletes, or
troubleshoots a locally significant certificate if a LSC or MIC exists in the phone. If a MIC
exists in the phone, authentication occurs via the MIC, regardless whether a LSC exists
in the phone. If a LSC exists in the phone, but a MIC does not exist, authentication occurs
via the LSC.
Before you choose this option, verify that a certificate exists in the phone. If you choose
this option and no certificate exists in the phone, the operation fails.
Note The CAPF settings that are configured in the Phone Security Profile window interact
with the CAPF parameters that are configured in the Phone Configuration window.
Authentication String If you chose the By Authentication String option in the Authentication Mode drop-down list
box, this field applies. Manually enter a string or generate a string by clicking the Generate
String button. Ensure that the string contains 4 to 10 digits.
To install, upgrade, delete, or troubleshoot a locally significant certificate, the phone user or
administrator must enter the authentication string on the phone.
Table 91-1 Phone Configuration Settings (continued)
Field Description