Cisco Cisco IP Phone 8841 Guía De Diseño
Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide
152
• Prior to selecting Import, browse to the template to be applied and enter the Encryption Key that was specified during
the template export process previously.
• The Cisco Wireless IP Phone 8821 and 8821-EX will need to be restarted after the template is uploaded.
Certificate Management
As of the 11.0(1) release for the Cisco Wireless IP Phone 8821 and 8821-EX, X.509 digital certificates can be utilized for EAP-
TLS or to enable Server Validation when using PEAP-GTC or PEAP-MSCHAPV2.
Certificates can be installed either automatically via Simple Certificate Enrollment Protocol (SCEP) or manually via the
phone’s admin webpage interface (
TLS or to enable Server Validation when using PEAP-GTC or PEAP-MSCHAPV2.
Certificates can be installed either automatically via Simple Certificate Enrollment Protocol (SCEP) or manually via the
phone’s admin webpage interface (
https://x.x.x.x:8443
).
Once a certificate is installed, Server Validation is automatically enabled if configured for EAP-TLS, PEAP-GTC, or PEAP-
MSCHAPV2.
Microsoft® Certificate Authority (CA) servers are recommended. Other CA server types may not be completely interoperable
with the Cisco Wireless IP Phone 8821 and 8821-EX.
Both DER and Base-64 (PEM) encoding are acceptable for the client and server certificates.
Certificates with a key size of 1024, 2048, and 4096 are supported.
Ensure the client and server certificates are signed using either the SHA-1 or SHA-256 algorithm, as the SHA-3 signature
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.
A Server Certificate can also be installed by renaming it to WLANRootCA.cer then copying it to the TFTP server; which can
help when the RADIUS servers are issued certificates from a different CA chain than the CA chain used for issuing client
certificates or if wanting to quickly enable Server Validation for PEAP.
MSCHAPV2.
Microsoft® Certificate Authority (CA) servers are recommended. Other CA server types may not be completely interoperable
with the Cisco Wireless IP Phone 8821 and 8821-EX.
Both DER and Base-64 (PEM) encoding are acceptable for the client and server certificates.
Certificates with a key size of 1024, 2048, and 4096 are supported.
Ensure the client and server certificates are signed using either the SHA-1 or SHA-256 algorithm, as the SHA-3 signature
algorithms are not supported.
Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.
A Server Certificate can also be installed by renaming it to WLANRootCA.cer then copying it to the TFTP server; which can
help when the RADIUS servers are issued certificates from a different CA chain than the CA chain used for issuing client
certificates or if wanting to quickly enable Server Validation for PEAP.
Manual Installation
For out of box (factory reset) manual installation, the admin webpage interface is Enabled, the username is fixed to admin, and
the password is temporarily set to Cisco.
The temporary password will no longer be available once the phone registers to Cisco Unified Communications Manager.
The admin webpage interface will be Disabled on the phone once it registers to Cisco Unified Communications Manager
regardless if it contains support for the Web Admin and Admin Password options.
the password is temporarily set to Cisco.
The temporary password will no longer be available once the phone registers to Cisco Unified Communications Manager.
The admin webpage interface will be Disabled on the phone once it registers to Cisco Unified Communications Manager
regardless if it contains support for the Web Admin and Admin Password options.