Securing SRST
A SRST-enabled gateway provides limited call-processing tasks if the Unified Communications Manager cannot complete the call.
Secure SRST-enabled gateways contain a self-signed certificate. After you perform SRST configuration tasks in Unified Communications Manager Administration, Unified Communications Manager uses a TLS connection to authenticate with the Certificate Provider service in the SRST-enabled gateway. Unified Communications Manager then retrieves the certificate from the SRST-enabled gateway and adds the certificate to the Unified Communications Manager database.
After you reset the dependent devices in Unified Communications Manager Administration, the TFTP server adds the SRST-enabled gateway certificate to the phone cnf.xml file and sends the file to the phone. A secure phone then uses a TLS connection to interact with the SRST-enabled gateway.
Tip |
The phone configuration file only contains a certificate from a single issuer. Consequently, the system does not support HSRP. |