About Cisco CTL Setup
Device, file, and signaling authentication rely on the creation of the Certificate Trust List (CTL) file, which is created when you install and configure the Cisco Certificate Trust List (CTL).
The CTL file contains entries for the following servers or security tokens:
- System Administrator Security Token (SAST)
- Cisco CallManager and Cisco TFTP services that are running on the same server
- Certificate Authority Proxy Function (CAPF)
- TFTP server(s)
- ASA firewall
- ITLRecovery
When a Call Manager certificate is self-signed, the CTL file contains a server certificate, public key, serial number, signature, issuer name, subject name, server function, DNS name, and IP address for each server.
In the case of a Multi-SAN Call Manager certificate, the CTL file contains the Publisher's Call Manager certificate.
The next time that the phone initializes, it downloads the CTL file from the TFTP server. If the CTL file contains a TFTP server entry that has a self-signed certificate, the phone requests a signed configuration file in .sgn format. If no TFTP server contains a certificate, the phone requests an unsigned file.
- utils ctl set-cluster mixed-mode: Updates the CTL file and sets the cluster to mixed mode.
- utils ctl set-cluster non-secure-mode: Updates the CTL file and sets the cluster to non-secure mode.
- utils ctl update CTLFile: Updates the CTL file on each node in the cluster.
When you configure a firewall in the CTL file, you can secure a Cisco ASA Firewall as part of a secure Unified Communications Manager system. It displays the firewall certificate as a "CCM" certificate.