Guest

Preview Tool

Cisco Bug: CSCvs47282 - CUCM - Secure Onboarding Should Reference CAPF-trust instead of CallManager-trust

Last Modified

Aug 24, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

12.5(1.10000.22) 12.5(1.11900.146)

Description (partial)

Symptom:
In 12.5 support was added for Device Onboarding via Activation Code (Secure Onboarding).  Part of the onboarding process requires that the phone send its MIC to CUCM for verification.  The Device Activation service currently references CallManager-trust, however, Cisco recommends removing the Cisco root certificates in the Security Guide:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01.html?bookSearch=true#CUCM_RF_P406FBC9_00

The Device Activation service should reference CAPF-trust since our documentation doesn't recommend removing the certificates from that trust-store and they are present there by default for LSC installation.

Conditions:
CUCM 12.5 using Device Onboarding via Activation Code
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.