Cisco Systems ASA 5585-X Manual De Usuario

Import the required certificates, which are stored on the Cisco UCM. See 

.

Once you have created the trustpoints and generated the certificates, create the CTL file for the phone 
proxy. See 

. 

If you are configuring the phone proxy in a mixed-mode cluster, you can use an existing CTL file. See 

Create the CTL file that will be presented to the IP phones during the TFTP requests. 

hostname(config)# crypto key generate rsa label 

key-pair-label modulus size

crypto key generate rsa label cucmtftp_kp modulus 

1024

Creates a keypair that can be used for the trustpoints.

hostname(config)# crypto ca trustpoint 

crypto ca trustpoint cucm_tftp_server

Creates the trustpoints for each entity in the network 
(primary Cisco UCM, secondary Cisco UCM, and 
TFTP server).

You are only required to create a separate 
trustpoint for the TFTP server when the 
TFTP server resides on a different server 
from the Cisco UCM. See 

 for an example of this 

configuration.

hostname(config-ca-trustpoint)# enrollment self

Generates a self-signed certificate. 

hostname(config-ca-trustpoint)# keypair keyname

keypair cucmtftp_kp

Specifies the keypair whose public key is being 
certified.

hostname(config-ca-trustpoint)# exit

Exits from the Configure Trustpoint mode.

hostname(config)# crypto ca enroll trustpoint

crypto ca enroll cucm_tftp_server

Requests the certificate from the CA server and 
causes the ASA to generate the certificate.

When prompted to include the device serial number 
in the subject name, type Y to include the serial 
number or type N to exclude it. 

When prompted to generate the self-signed 
certificate, type Y.