Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipment7935 - IP Conference Station VoIP Phone
121122123124125126127128129130
Setting Up Secure Survivable Remote Site Telephony
How to Configure Secure SRST
120
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
Certificate Server srstcaserver:
Status: enabled
Server's configuration is locked (enter "shut" to unlock it)
Issuer name: CN=srstcaserver
CA cert fingerprint: AC9919F5 CAFE0560 92B3478A CFF5EC00
Granting mode is: auto
Last certificate issued serial number: 0x2
CA certificate expiration timer: 13:46:57 PST Dec 1 2007
CRL NextUpdate timer: 14:54:57 PST Jan 19 2005
Current storage dir: nvram
Database Level: Complete - all issued certs written as <serialnum>.cer
Enabling Credentials Service on the Secure SRST Router
Once the SRST router has its own certificate, you need to provide Cisco Unified CallManager the
certificate. Enabling credentials service allows Cisco Unified CallManager to retrieve the secure SRST
device certificate and place it in the configuration file of the Cisco IP phone.
Activate credentials service on all SRST routers.
Note A security best practice is to protect the credentials service port using Control Plane Policing. Control
Plane Policing protects the gateway and maintains packet forwarding and protocol states despite a heavy
traffic load. For more information on control planes, see the Control Plane Policing documentation. In
addition, a sample configuration is given in the Control Plane Policing: Example” section on page 143.
SUMMARY STEPS
1. credentials
2. ip source-address ip-address [port port]
3. trustpoint trustpoint-name
4. exit