Table of Contents
Secure Configuration File
Signed Configuration File
- Signed by TFTP server
- Prevents tampering with configuration files on TFTP server or in transit.
Encrypted Configuration File
- Supported on:
- 7905, 7912 SIP Phones
- 797[015], 796[125], 794[125], 7931, 7911, and 7906 SCCP phones
- If the phones has a certificate
- CUCM uses the public key of the phones to encrypt the configuration file
- If the phone does not have a certificate, the encryption key must be manually entered into the phone
- 7905 and 7912 do not support CUCM PKI
- 7940 and 7960 do not support CUCM PKI when running SIP
- 7905 and 7912 have a writable web server
- Copy and paste the key into the phone using web access to the phone
- 7941 and 7960 have a readonly web server
- Manually enter the key into the phone using the phone keypad
Encrypted ConfFile Configuration
Secure Mode
- Verify that the cluster security mode is set to Secure.
- Follow steps in Public Key Infrastructure (PKI)
Phone Security Profile
- Under System > Phone Security Profile
- Create phone security profile
- Check the TFTP Encrypted Config check box
Phone config
- Apply the phone security profile to the phone(s).
- For phone that do not have certificates, set a symmetric file encryption key in the Phone configuration window
Phone
- Enter the symmetric configuration file encryption key into phones that do not have certificates
- The key must match that configured on CUCM