PKI Enrollment in Cisco IP Telephony

To obtain a signed certificate, an IP phone needs to enroll with the entity that will issue (sign) the certificate. During enrollment, the phone will get the certificate of the issuer and then send its data to the issuer asking for a (signed) certificate. IP phone enrollment depends on the type of certificate.

With MICs, enrollment was already done by Cisco manufacturing during production. When the IP phone is shipped to the customer, it already has its public and private keys, a certificate issued by the Cisco manufacturing CA, and the certificate of the Cisco manufacturing CA installed. No other PKI provisioning tasks are required. MICs always remain on the phone, even if an LSC is added.

With LSCs, enrollment has to be done by the customer.

Note

If the IP phone has both a MIC and an LSC, the LSC has priority.

 

CAPF Acting as a CA

To obtain an LSC from the CAPF acting as a CA, an IP phone has to enroll with the CAPF, as shown in Figure 26-9.

Figure 26-9. CAPF Enrollment Process

The CAPF enrollment process is as follows:

  1. The IP phone generates its public and private key pairs.
  2. The IP phone downloads the certificate of the CAPF and uses it to establish a TLS session with the CAPF.
  3. The IP phone enrolls with the CAPF, sending its identity, its public key, and an optional authentication string.
  4. The CAPF issues a certificate for the IP phone signed with its private key.
  5. The CAPF sends the signed certificate to the IP phone.

CAPF Acting as a Proxy to an External CA

If an IP phone should obtain an LSC from an external CA using the CAPF as a proxy, the IP phone has to enroll with the external CA, as shown in Figure 26-10.

Figure 26-10. CAPF External CA Enrollment Process

The external CA enrollment process occurs as follows:

  1. The IP phone generates its public and private key pairs.
  2. The IP phone downloads the certificate of the CAPF and uses it to establish a TLS session with the CAPF.
  3. The IP phone sends an enrollment request to the CAPF, including its identity, its public key, and an optional authentication string.
  4. The CAPF forwards the request to the external CA.
  5. The external CA issues a certificate for the IP phone signed with the private key of the CA.
  6. The external CA sends the signed IP phone certificate to the CAPF.
  7. The CAPF sends the signed IP phone certificate to the phone.

Part I: Cisco CallManager Fundamentals

Introduction to Cisco Unified Communications and Cisco Unified CallManager

Cisco Unified CallManager Clustering and Deployment Options

Cisco Unified CallManager Installation and Upgrades

Part II: IPT Devices and Users

Cisco IP Phones and Other User Devices

Configuring Cisco Unified CallManager to Support IP Phones

Cisco IP Telephony Users

Cisco Bulk Administration Tool

Part III: IPT Network Integration and Route Plan

Cisco Catalyst Switches

Configuring Cisco Gateways and Trunks

Cisco Unified CallManager Route Plan Basics

Cisco Unified CallManager Advanced Route Plans

Configuring Hunt Groups and Call Coverage

Implementing Telephony Call Restrictions and Control

Implementing Multiple-Site Deployments

Part IV: VoIP Features

Media Resources

Configuring User Features, Part 1

Configuring User Features, Part 2

Configuring Cisco Unified CallManager Attendant Console

Configuring Cisco IP Manager Assistant

Part V: IPT Security

Securing the Windows Operating System

Securing Cisco Unified CallManager Administration

Preventing Toll Fraud

Hardening the IP Phone

Understanding Cryptographic Fundamentals

Understanding the Public Key Infrastructure

Understanding Cisco IP Telephony Authentication and Encryption Fundamentals

Configuring Cisco IP Telephony Authentication and Encryption

Part VI: IP Video

Introducing IP Video Telephony

Configuring Cisco VT Advantage

Part VII: IPT Management

Introducing Database Tools and Cisco Unified CallManager Serviceability

Monitoring Performance

Configuring Alarms and Traces

Configuring CAR

Using Additional Management and Monitoring Tools

Part VIII: Appendix

Appendix A. Answers to Review Questions

Index

show all menu





Authorized Self-Study Guide Cisco IP Telephony (CIPT)
Cisco IP Telephony (CIPT) (Authorized Self-Study) (2nd Edition)
ISBN: 158705261X
EAN: 2147483647
Year: 2004
Pages: 329
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net