Preview Tool

Cisco Bug: CSCvs31264 - CUCM Security Guide - Add note that removing MIC certificates will break secure onboarding

Last Modified

Jan 20, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases


Description (partial)

The CUCM 12.5.1 Security Guide advises that administrators should remove the Cisco Manufacturing certificates from the CallManager-trust store as a best practice.  However, Secure Onboarding which was also added in CUCM 12.5 requires that those certificates be present on the system in the CallManager-trust store.  Here is the relevant document:

We should add a note under the 'Phone Certificate Types' section stating:

'Removing the certs above will prevent Secure Onboarding from working since CUCM will not trust the phone's MIC.'

CUCM Documentation
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.