Specifications

ManualsBrandsCisco ManualsComputer equipment7935 - IP Conference Station VoIP Phone

131

132

133

134

135

136

137

138

139

140

Setting Up Secure Survivable Remote Site Telephony

How to Configure Secure SRST

124

Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide

DETAILED STEPS

Examples

This section provides the following:

• Cisco Unified CallManager 4.X.X and Earlier Example, page 124

• Cisco Unified CallManager 5.0 and Later Example, page 127

Cisco Unified CallManager 4.X.X and Earlier Example

The following example shows three certificates imported to the SRST router (7970, 7960, PEM).

Router(config)# crypto pki trustpoint 7970

Router(ca-trustpoint)# revocation-check none

Router(ca-trustpoint)# enrollment terminal

Router(ca-trustpoint)# exit

Router(config)# crypto pki authenticate 7970

Enter the base 64 encoded CA certificate.

End with a blank line or the word "quit" on a line by itself

MIIDqDCCApCgAwIBAgIQNT+yS9cPFKNGwfOprHJWdTANBgkqhkiG9w0BAQUFADAu

Command or Action Purpose

Step 1

crypto pki trustpoint

name

Example:

Router (config)# crypto pki trustpoint 7970

Declares the CA that your router should use and enters

ca-trustpoint configuration mode.

• If you are using Cisco Unified CallManager 5.0, you

must configure four name arguments (CAPF, CiscoCA,

CiscoManufactureCA, and CiscoRootCA2048)

individually. See the “Cisco Unified CallManager 5.0

and Later Example” section on page 127.

Step 2

revocation-check

method1

Example:

Router(ca-trustpoint)# revocation-check none

Checks the revocation status of a certificate. The argument

method1 is the method used by the router to check the

revocation status of the certificate. For this task, the only

available method is none. The keyword none means that a

revocation check will not be performed and the certificate

will always be accepted.

• Using the none keyword is mandatory for this task.

Step 3

enrollment terminal

Example:

Router(ca-trustpoint)# enrollment terminal

Specifies manual cut-and-paste certificate enrollment.

Step 4

exit

Example:

Router(ca-trustpoint)# exit

Exits ca-trustpoint configuration mode and returns to global

configuration.

Step 5

crypto pki authenticate

name

Example:

Router(config)# crypto pki authenticate 7970

Authenticates the CA (by getting the certificate from the

CA).

• Enter the same name argument used in the crypto pki

trustpoint command.