Cisco Bug: CSCvs31264 - CUCM Security Guide - Add note that removing MIC certificates will break secure onboarding

Last Modified

Jan 20, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

12.5(1.10000.1)

Description (partial)

Symptom:
The CUCM 12.5.1 Security Guide advises administrators to remove the Cisco Manufacturing certificates from the CallManager-trust store as a best practice. However, Secure Onboarding, which was also added in CUCM 12.5, requires those certificates to be present on the system in the CallManager-trust store. Here is the relevant document:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01.html?bookSearch=true#CUCM_RF_P406FBC9_00

We should add a note under the 'Phone Certificate Types' section stating:

'Removing the certs above will prevent Secure Onboarding from working since CUCM will not trust the phone's MIC.'

Conditions:
CUCM Documentation