Here's how to get yours.
Ten easy steps (super abridged version):
|Look for your padlocks!|
- Sign your CUCM tomcat and CallManager certificates, IM&P tomcat, cup-xmpp and cup-xmpp-s2s certificates and UCXN tomcat certificate.
- Activate and start CAPF on CUCM and restart TFTP.
- Install LSCs on devices via CAPF enrollment.
- Change CUCM to Mixed Mode and retart TFTP and CallManager.
- Create a secure Phone Security Profile and apply to on-premise endpoints.
- Sign Expressway C server certificate and include an alternate name to use as a CUCM device security profile name.
- Sign Expressway E server certificate and include an alternate name of just domain.
- Configure Expressway C and E for MRA.
- Configure a secure Device Security Profile called your C alternative name and apply to outside CUCM devices.
- Make calls and enjoy the padlocks.
- Apply a secure profile to the CUCM SIP trunk where the Subject Name is CUC FQDN and transports use TLS and port 5061.
- Change your CUC port group to use 5061/TLS, Next Generation Encryption and sRTP.
- If using TLS to secure communication between CUCM and your LDAP server, change the port from the default 389 to 636.