eduardo:cisco:cucm:cucm-sec-conf
Table of Contents
Secure Conferencing
- Registers with CUCM using SCCP over TLS
- TLS authentication includes two-way certficate exchange:
- CUCM certificate(s) have to be known by secure conference bridge (to be able to compare received certificate).
- Certificate of CA that issued certificate to secure conference bridge has to be known in CUCM (to be able to verify signature of received certificate)
- Manually added during configuration time.
Configuration
IOS Obtain Conf Cert from CA
- This is the certificate for the conferencing resource.
- Obtain a conference certificate for the secure conference media resource at the Cisco IOS router.
- The fingerprint of the certificate will be displayed
- The certificate has to be accepted to be stored in the NVRAM.
IOS Associate Conf Cert
- Configure a secure conference media resource in Cisco IOS software and associate it with the previously obtained certificate.
CUCM Export CUCM Certs
- Under CUCM OS Admin > Security > Certificate Management
- Export CUCM certificate(s)
- Needs to be done on each CUCM the secure conference can register with
IOS Add CUCM Cert
- Add download CUCM certificate(s) to Cisco IOS router
IOS Export CA Cert
- Export certificate of the CA that issued the certificate to the secure conference media resource
- This the the certificate of the CA that signed the conference certificate.
CUCM Add CA Cert
- Under CUCM OS Admin > Security > Certificate Management
- Add downloaded CA certificate(s) to CUCM server(s)
CUCM Secure Conference
- Add and configure the secure conference bridge in CUCM
CUCM Meet-Me (Optional)
- (Optional) Configure a minimum security level for Meet-Me conferences if desired (default is non-secure).
eduardo/cisco/cucm/cucm-sec-conf.txt · Last modified: 2024/02/23 08:20 by 127.0.0.1