Specifications
Setting Up Secure Survivable Remote Site Telephony
How to Configure Secure SRST
123
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
Prerequisites
You must have certificates available when the last configuration command (crypto pki authenticate),
issues the following prompt:
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
Cisco Unified CallManager 4.X.X and Earlier
For Cisco Unified CallManager 4.X.X and earlier, certificates are found by going to the menu bar in
Cisco Unified CallManager, choose Program Files > Cisco > Certificates.
Open the .0 files with Windows Wordpad or Notepad, and copy and paste the contents to the SRST router
console. Then, repeat the procedure with the .pem file. Copy all of the contents that appear between
“-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----”.
Cisco Unified CallManager 5.0 and Later
For Cisco Unified CallManager 5.0 and later, perform the following steps.
Step 1 Login to Cisco Unified CallManager.
Step 2 Go to Security > Certificate Management > Download Certificate/CTL.
Step 3 Select Download Trust Cert and click Next.
Step 4 Select CAPF-trust and click Next.
Step 5 Select CiscoCA and click Next.
Step 6 Click Continue.
Step 7 Click the file name.
Step 8 Copy all of the contents that appear between “-----BEGIN CERTIFICATE-----” and “-----END
CERTIFICATE-----” to a location where you can retrieve it later.
Step 9 Repeat Steps 5 through 8 for CiscoManufactureCA, CiscoRootCA2048, and CAPF.
Restrictions
HTTP automatic enrollment from Cisco Unified CallManager through a virtual web server is not
supported.
SUMMARY STEPS
1. crypto pki trustpoint name
2. revocation-check method1
3. enrollment terminal
4. exit
5. crypto pki authenticate name