Specifications
Cisco Unified Wireless IP Phone 7921G Series Deployment Guide 74
Installing Certificates
The Cisco Unified Wireless IP Phone 7921G supports DER encoded binary X.509 certificates, which can be utilized with EAP-
TLS or for authentication server validation when using PEAP (MS-CHAPv2).
Extensible Authentication Protocol Transport Layer Security (EAP-TLS) is using the TLS protocol with PKI to secure
communications to the authentication server.
TLS provides a way to use certificates for both user and server authentication and for dynamic session key generation.
EAP-TLS provides excellent security, but requires client certificate management.
Microsoft Certificate Authority (CA) servers are recommended as we have certified interoperability only with those CA types.
Other CA server types may not be completely interoperable with the Cisco Unified Wireless IP Phone 7921G.
Can utilize either the internal MIC (Manufacturing Installed Certificate) or install a User Installed certificate to be used for
authentication.
To use the MIC in the Cisco Unified Wireless IP Phone 7921G, the Manufacturing Root and Manufacturing CA certificates
must be exported and installed onto the RADIUS server.
After selecting “Export”, import the certificates into the RADIUS server and enable them in the certificate trust list.
For the user installed certificate method, select “Install” on the main certificates page, which will launch the installation wizard.
To generate the certificate signing request, enter the certificate information and import the certificate from the Certificate
Authority (CA) server that is signing the certificate. The signing CA root certificate is used for validation purposes to ensure
that the user certificate was indeed signed by the correct CA.
The Common Name defaults to “CP-7921G-SEP<MAC_Address>”, but can be customized, but must not be greater than 32
characters.