Specifications

ManualsBrandsCisco ManualsComputer equipment7935 - IP Conference Station VoIP Phone

111

112

113

114

115

116

117

118

119

120

Setting Up Secure Survivable Remote Site Telephony

Information About Setting Up Secure SRST

109

Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide

SRST Routers and PKI

The transfer of certificates between an SRST router and Cisco Unified CallManager is mandatory for

secure SRST functionality. Public key infrastructure (PKI) commands are used to generate, import, and

export the certificates for secure SRST. Table 7 shows the secure SRST supported Cisco Unified IP

Phones and the appropriate certificate for each phone. The “Importing Phone Certificate Files in PEM

Format to the Secure SRST Router” section on page 122 contains information and configurations about

generating, importing, and exporting certificates that use PKI commands.

Table 7 Supported Cisco IP Phones and Certificates

Cisco IP Phone 7940 Cisco IP Phone 7960 Cisco IP Phone 7970

The phone receives locally significant

certificate (LSC) from Certificate

Authority Proxy Function (CAPF) in

Distinguished Encoding Rules (DER)

format.

• 59fe77ccd.0

The filename may change based on

the CAPF certificate subject name

and the CAPF certificate issuer.

If Cisco Unified CallManager is

using a third-party certificate

provider, there can be multiple .0

files (from two to ten). Each .0

certificate file must be imported

individually during the

configuration.

Manual enrollment supported only.

The phone receives locally significant

certificate (LSC) from Certificate

Authority Proxy Function (CAPF) in

Distinguished Encoding Rules (DER)

format.

• 59fe77ccd.0

The filename may change based on

the CAPF certificate subject name

and the CAPF certificate issuer.

If Cisco Unified CallManager is

using a third-party certificate

provider, there can be multiple .0

files (from two to ten). Each .0

certificate file must be imported

individually during the

configuration.

Manual enrollment supported only.

The phone contains a manufacturing

installed certificate (MIC) used for device

authentication. If the Cisco 7970

implements MIC, two public certificate

files are needed:

• CiscoCA.pem (Cisco Root CA, used

to authenticate the certificate)

• a69d2e04.0, in Privacy Enhanced

Mail (PEM) format

If Cisco Unified CallManager is

using a third-party certificate

provider, there can be multiple .0

files (from two to ten). Each .0

certificate file must be imported

individually during the

configuration.

Manual enrollment supported only.