Certificate Management; Manual Installation - Cisco 8821 Manual

Hide thumbs Also See for 8821:

Administration manual (158 pages)

User manual (116 pages)

Accessory manual (30 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

Table of Contents

•

Prior to selecting Import, browse to the template to be applied and enter the Encryption Key that was specified during

the template export process previously.

•

The Cisco Wireless IP Phone 8821 and 8821-EX will need to be restarted after the template is uploaded.

Certificate Management

As of the 11.0(2) release for the Cisco Wireless IP Phone 8821 and 8821-EX, X.509 digital certificates can be utilized for EAP-

TLS or to enable Server Validation when using PEAP-GTC or PEAP-MSCHAPV2.

A User Certificate can be installed either automatically via Simple Certificate Enrollment Protocol (SCEP) or manually via the

phone's admin webpage interface (https://x.x.x.x:8443).

A Server Certificate can be installed either automatically via Simple Certificate Enrollment Protocol (SCEP), manually via the

phone's admin webpage interface (https://x.x.x.x:8443), or via TFTP download.

The TFTP download method can help when the RADIUS servers are issued certificates from a different CA chain than the CA

chain used for issuing client certificates or if wanting to quickly enable Server Validation for PEAP.

To install a Server Certificate via the TFTP download method, rename the Root CA certificate to WLANRootCA.cer then

copy it to the CUCM TFTP servers and restart the TFTP service for those CUCM servers.

Only 1 certificate per type is allowed; 1 user certificate and 1 server certificate.

Once a certificate is installed, Server Validation is automatically enabled if configured for EAP-TLS, PEAP-GTC, or PEAP-

MSCHAPV2.

Microsoft® Certificate Authority (CA) servers are recommended. Other CA server types may not be completely interoperable

with the Cisco Wireless IP Phone 8821 and 8821-EX.

Both DER and Base-64 (PEM) encoding are acceptable for the client and server certificates.

Certificates with a key size of 1024, 2048, and 4096 are supported.

Ensure the client and server certificates are signed using either the SHA-1 or SHA-256 algorithm, as the SHA-3 signature

algorithms are not supported.

Ensure Client Authentication is listed in the Enhanced Key Usage section of the user certificate details.

Manual Installation

For out of box (factory reset) manual installation, the admin webpage interface is Enabled, the username is fixed to admin, and

the password is temporarily set to Cisco.

The temporary password will no longer be available once the phone registers to Cisco Unified Communications Manager.

The admin webpage interface will be Disabled on the phone once it registers to Cisco Unified Communications Manager

regardless if it contains support for the Web Admin and Admin Password options.

Cisco Wireless IP Phone 8821 and 8821-EX Wireless LAN Deployment Guide

150

Table of Contents

This manual is also suitable for:

8821-ex

Certificate Management; Manual Installation - Cisco 8821 Manual

Certificate Management

Manual Installation

Related Manuals for Cisco 8821

Related Content for Cisco 8821

This manual is also suitable for:

Table of Contents