Specifications

Setting Up Secure Survivable Remote Site Telephony
How to Configure Secure SRST
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
Examples
The following example reflects one way of generating a CA.
Router(config)# crypto pki server srstcaserver
Router(cs-server)# database level complete
Router(cs-server)# database url nvram
Router(cs-server)# issuer-name CN=srstcaserver
Router(cs-server)# grant auto
% This will cause all certificate requests to be automatically granted.
Are you sure you want to do this? [yes/no]: y
Router(cs-server)# no shutdown
% Once you start the server, you can no longer change some of
% the configuration.
Are you sure you want to do this? [yes/no]: y
% Generating 1024 bit RSA keys ...[OK]
% Certificate Server enabled.
Autoenrolling and Authenticating the Secure SRST Router to the CA Server
The secure SRST router needs to define a trustpoint; that is, it must obtain a device certificate from the
CA server. The procedure is called certificate enrollment. Once enrolled, the secure SRST router can be
recognized by Cisco Unified CallManager as a secure SRST router.
There are three options to enroll the secure SRST router to a CA server: autoenrollment, cut and paste,
and TFTP. When the CA server is a Cisco IOS certificate server, autoenrollment can be used. Otherwise,
manual enrollment is required. Manual enrollment refers to cut and paste or TFTP.
Use the enrollment url command for autoenrollment and the crypto pki authenticate command to
authenticate the SRST router. Full instructions for the commands can be found in the Certification
Authority Interoperability Commands documentation. An example of autoenrollment is available in the
Certificate Enrollment Enhancements feature. A sample configuration is provided below.
|  | Command or Action | Purpose |
|---|---|---|
| Step 5 | grant auto<br>Example:<br>Router(cs-server)# grant auto | Allows an automatic certificate to be issued to any requestor. This command is used only during enrollment and will be removed in the “Disabling Automatic Certificate Enrollment” section on page 118. |
| Step 6 | no shutdown<br>Example:<br>Router(cs-server)# no shutdown | Enables the Cisco IOS certificate server. You should issue this command only after you have completely configured your certificate server. |
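
Step 5 states that grant auto is meant only for the enrollment period. The following Python check is an added example, not part of the Cisco guide: it scans saved configuration text for certificate servers that still carry grant auto. It assumes the input is show running-config output in the usual indented layout; the sample configuration, the labca server name and the IP address in it are constructed.

```python
# Added example: flag Cisco IOS certificate servers that still have "grant auto" set.
import re

# Constructed sample running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname Router
!
crypto pki server srstcaserver
 database level complete
 database url nvram
 issuer-name CN=srstcaserver
 grant auto
!
crypto pki server labca
 database level minimum
 issuer-name CN=labca
!
interface FastEthernet0/0
 ip address 10.1.1.22 255.255.255.0
!
"""

SERVER_RE = re.compile(r"^crypto pki server (\S+)\s*$")


def parse_cert_servers(config_text):
    """Return {server_name: [subcommand, ...]} for each 'crypto pki server' block."""
    servers, current = {}, None
    for raw in config_text.splitlines():
        header = SERVER_RE.match(raw)
        if header:
            current = header.group(1)
            servers[current] = []
        elif current is not None and raw.startswith(" "):
            # Indented lines belong to the open block; collapse repeated spaces.
            servers[current].append(" ".join(raw.split()))
        else:
            # "!" or any other unindented line closes the block.
            current = None
    return servers


def servers_with_grant_auto(config_text):
    """Names of certificate servers whose block still contains 'grant auto'."""
    return sorted(name for name, cmds in parse_cert_servers(config_text).items()
                  if "grant auto" in cmds)


if __name__ == "__main__":
    for name in servers_with_grant_auto(SAMPLE_CONFIG):
        print(f"{name}: 'grant auto' still set; any requestor is issued a certificate")
```

Run it against configuration backups after enrollment is finished; an empty result means no certificate server block still grants requests automatically.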