Configuring TLS for CUCM

This section provides instructions for configuring TLS for Cisco Unified Communications Manager (CUCM). For more details on CUCM configuration, see the Configuring a SIP Trunk Security Profile chapter in the CUCM Security Guide.

To upload the Vocera TLS certificate to CUCM:

  1. Log into CUCM Operating System Administration.

  2. Navigate to Security > Certificate Management.

    The Certificate List window displays.

  3. Click Upload Certificate.

    The Upload Certificate dialog box opens.

  4. In the Certificate Name field, select CallManager-trust.

  5. Click Browse, navigate to the certificate file, and then click Open.

  6. Click Upload File.

Note: When you upload each VSTG certificate to CUCM, the certificate is renamed to the IP address of the VSTG server and converted to PEM format.

To configure SIP trunk security on CUCM:

  1. In CUCM Console, configure a SIP Trunk Security Profile for TLS.

    When you enter the X.509 Subject Name for the SIP Trunk Security Profile, enter the VSTG IP address. If you have a VSTG array, enter a comma-delimited list of VSTG IP addresses.

  2. Apply the SIP Trunk Security Profile to the trunk in the Trunk Configuration window.

To update a VSTG certificate on CUCM:

  1. Schedule VSTG and CUCM downtime.

  2. Stop the VSTG server.

  3. On the VSTG machine, run \vocera\telephony\certificate\cert.bat to generate a new certificate.

  4. Log into CUCM Operating System Administration and remove the old VSTG certificate from CUCM.

  5. Reset the SIP trunk.

  6. Upload the new certificate to CUCM.

  7. Reset the SIP trunk again.

  8. Restart the CallManager Service, or restart the CUCM machine.

  9. Start the VSTG server.