Sunday, 20 March 2022

Automatic endpoint certificate enrollment with an enterprise CA

 


MMC.exe

[Screenshot: MMC "Add or Remove Snap-ins" dialog. Selected snap-ins under Console Root: Certificate Templates and Certification Authority (Local).]

 

[Screenshot: Certificate Templates (CA.dcloud.cisco.com) console with the "Properties of New Template" dialog on the General tab. Template display name: ciscoratemplate. Template name: ciscoratemplate. Validity period and Renewal period fields, with the value 8 weeks visible. Checkboxes: "Publish certificate in Active Directory" and "Do not automatically reenroll if a duplicate certificate exists in Active Directory".]

 

[Screenshot: "Properties of New Template" dialog, Security tab. Group or user names: Authenticated Users, Administrator, cisco ra (ciscora@dcloud.cisco.com), Domain Admins (DCLOUD\Domain Admins), Enterprise Admins (DCLOUD\Enterprise Admins). Permissions listed for cisco ra: Full Control, Enroll, Autoenroll.]

 

[Screenshot: Certification Authority (Local) > dcloud-CA > Certificate Templates. ciscoratemplate appears in the list of templates the CA issues, with intended purpose "Client Authentication, Server Authentic...".]

Stop and then start the service.

 

[Screenshot: Internet Information Services (IIS) Manager, CA > Sites > Default Web Site, "Edit Site Binding" dialog. IP address: All Unassigned. SSL certificate: ca.dcloud.cisco.com.]

CUCM:

Upload the root certificate as CAPF-trust.

[Screenshot: Cisco Unified Operating System Administration, Certificate List with the "Upload Certificate/Certificate chain" dialog open. Certificate Purpose: CAPF-trust. Upload File: certnew.cer. Warning shown: "Uploading a cluster-wide certificate will distribute it to all servers in this cluster".]

 

CAPF-trust is used for the CAPF/Cisco registration authority connection over HTTPS to IIS. CallManager-trust is used to trust the LSC certificate (secured TFTP).
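The trust decision described above can be checked with OpenSSL before uploading anything. This is an added example, not part of the original post and not CUCM's own logic; the root, the unrelated root and the server certificate are constructed test data, and only the hostname ca.dcloud.cisco.com comes from the page.

```shell
#!/usr/bin/env bash
# Added example. All keys and certificates below are constructed test data.

# make_lab DIR: build a constructed root CA, an unrelated root, and a server
# certificate for ca.dcloud.cisco.com signed by the first root.
make_lab() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed-root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=unrelated-root" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ca.dcloud.cisco.com" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  # Hostname checks use the subjectAltName, so the server cert must carry one.
  printf 'subjectAltName=DNS:ca.dcloud.cisco.com\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/srv.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/ext.cnf" -out "$d/srv.pem" 2>/dev/null
}

# verify_capf_trust ROOT_PEM SERVER_PEM HOSTNAME
# Prints "trusted" only if SERVER_PEM chains to ROOT_PEM (the file that would be
# uploaded as CAPF-trust) and is valid for HOSTNAME (the Online CA Hostname).
verify_capf_trust() {
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

lab=$(mktemp -d)
make_lab "$lab"
# Correct root in the trust store.
verify_capf_trust "$lab/root.pem" "$lab/srv.pem" ca.dcloud.cisco.com
# Wrong root uploaded: the chain does not build.
verify_capf_trust "$lab/other.pem" "$lab/srv.pem" ca.dcloud.cisco.com
# Right root, but the configured hostname does not match the certificate.
verify_capf_trust "$lab/root.pem" "$lab/srv.pem" ca.example.invalid
```

Against the live IIS binding, the same check is `openssl s_client -connect ca.dcloud.cisco.com:443 -CAfile certnew.cer -verify_hostname ca.dcloud.cisco.com -verify_return_error`, assuming certnew.cer is PEM-encoded.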

[Screenshot: CUCM Certificate List, 10 records found. The listed certificates are CAPF-trust entries, including dcloud-CA, CAP-RTP-001, CAP-RTP-002, Cisco Root CA 2048, Cisco Root CA M2, Cisco Manufacturing CA and ACT2 SUDI CA, all RSA, with an expiration date column.]

 

[Screenshot: Cisco Unified CM Administration, Service Parameter Configuration. Server: cucm1.dcloud.cisco.com--CUCM Voice/Video (Active). Service: Cisco Certificate Authority Proxy Function (Active). Values shown:]
Certificate Issuer to Endpoint: Online CA
Key Size: 1024
Online CA Hostname: ca.dcloud.cisco.com
Online CA Port: 443
Online CA Template: ciscoratemplate
Online CA Type: Microsoft CA
Online CA Username: ciscora
Online CA Password: (value not legible)

 

Restart the Cisco Certificate Authority Proxy Function service.

 

LSC installation, only for hardware phones

 

Enable mixed mode on CUCM:

admin:utils ctl set-cluster mixed-mode

 

This operation will set the cluster to Mixed mode. Auto-registration is enabled on at least one CM node. Do you want to continue? (y/n): y

 

Restart the CallManager service.

 

Phone

[Screenshot: Phone configuration, Certification Authority Proxy Function (CAPF) Information. Certificate Operation: Install/Upgrade. Authentication Mode: By Null String. Key Order: RSA only. RSA Key Size: 2048. Certificate Operation Status: Operation pending. Note: Security Profile Contains Additional CAPF settings.]

If CSF, also add:

[Screenshot: Phone configuration, Protocol Specific Information. Packet Capture Mode: None. BLF Presence Group: Standard Presence group. Device Security Profile: an Encrypted NullString profile (name as extracted: LIOT-Encrypted-NuIIString.dcIoud.cisco.com). SIP Profile: Standard SIP Profile.]

 

[Screenshot: Find and List Phones, 8 records found: CSFAMCKENZIE, CSFAPEREZ, CSFMCHENG, CSFWWHITMAN and four SEP hardware phones (8845). Two devices show LSC Status "Upgrade Success" with LSC Issued By dcloud-CA; the remaining six show None.]

