Setting Up Secure Survivable Remote Site Telephony
How to Configure Secure SRST
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
DETAILED STEPS
Step 1 show credentials
Use the show credentials command to display the credential settings on the SRST router that are
supplied to Cisco Unified CallManager for use during secure SRST fallback.
Router# show credentials
Credentials IP: 10.1.1.22
Credentials PORT: 2445
Trustpoint: srstca
Step 2 debug credentials
Use the debug credentials command to set debugging on the credential settings of the SRST router.
Router# debug credentials
Credentials server debugging is enabled
Router#
Sep 29 01:01:50.903: Credentials service: Start TLS Handshake 1 10.1.1.13 2187
Sep 29 01:01:50.903: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:51.903: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:52.907: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:53.927: Credentials service: TLS Handshake completes.
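The following Python example is added here and is not part of the Cisco guide. It reads debug credentials output in the format shown in Step 2, groups the lines into handshakes, and lists peers whose handshake started but never logged completion. It assumes that the last two fields of the Start line are the peer address and port and that later lines belong to the most recent Start line; the second handshake in the sample (10.1.1.14) is constructed.

```python
import re
from datetime import datetime

# Constructed sample: the Step 2 output plus one made-up handshake from
# 10.1.1.14 that never logs completion.
SAMPLE = """\
Sep 29 01:01:50.903: Credentials service: Start TLS Handshake 1 10.1.1.13 2187
Sep 29 01:01:50.903: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:51.903: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:52.907: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
Sep 29 01:01:53.927: Credentials service: TLS Handshake completes.
Sep 29 01:05:10.100: Credentials service: Start TLS Handshake 1 10.1.1.14 2190
Sep 29 01:05:10.100: Credentials service: TLS Handshake returns OPSSLReadWouldBlockErr
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:.]+): Credentials service: (.+)$")
START = re.compile(r"Start TLS Handshake \S+ (\S+) (\d+)$")
RETURNS = re.compile(r"TLS Handshake returns (\S+)$")

def parse_ts(text):
    # Debug timestamps carry no year; pin one so strptime is unambiguous.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")

def summarize(log):
    """One dict per handshake: peer, port, return codes, seconds, completed."""
    sessions, current = [], None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = parse_ts(m.group(1)), m.group(2)
        start, ret = START.match(msg), RETURNS.match(msg)
        if start:
            # Assumption: the last two fields are the peer address and port,
            # and every later line belongs to the most recent Start line.
            current = {"peer": start.group(1), "port": int(start.group(2)),
                       "started": ts, "returns": [], "seconds": None,
                       "completed": False}
            sessions.append(current)
        elif current and ret:
            current["returns"].append(ret.group(1))
        elif current and msg.startswith("TLS Handshake completes"):
            current["completed"] = True
            current["seconds"] = (ts - current["started"]).total_seconds()
            current = None
    return sessions

def incomplete(sessions):
    """Peers whose handshake started but never logged completion."""
    return [s["peer"] for s in sessions if not s["completed"]]
```

For the Step 2 output, summarize() reports three OPSSLReadWouldBlockErr returns before completion about three seconds after the Start line; a peer returned by incomplete() is one whose certificate provisioning is worth rechecking.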
Importing Phone Certificate Files in PEM Format to the Secure SRST Router
This task completes the provisioning tasks required of Cisco IP phones to authenticate secure SRST.
Cisco Unified CallManager 4.X.X and Earlier
For systems running Cisco Unified CallManager 4.X.X and earlier, the secure SRST router must retrieve
phone certificates so that it can authenticate Cisco IP phones during the TLS handshake. Different
certificates are used for different IP phones. Table 7 on page 109 lists the certificates needed for each
type of phone.
Certificates must be imported manually from Cisco Unified CallManager to the SRST router. The
number of certificates depends on the Cisco Unified CallManager configuration. Manual enrollment
refers to cut and paste or TFTP. For manual enrollment instructions, see the Manual Certificate
Enrollment (TFTP and Cut-and-Paste) feature. Repeat the enrollment procedure for each phone or PEM
file.
Cisco Unified CallManager 5.0 and Later
Systems running Cisco Unified CallManager 5.0 and later require four certificates (CAPF,
CiscoManufactureCA, CiscoRootCA2048, and CAPF), which must be copied and pasted to SRST
routers.