- Unlocking the Privacy Advantage to Build Trust in the Age of AI
- ICO Apologizes After Data Protection Response Snafu
- ¿Recuerdas cuando los desarrolladores reinaban? El mercado de la codificación de software se debilita
- Who’s driving ransomware’s accelerated growth in 2025
- 퀄컴, 베트남 빈AI의 생성형 AI 부문 ‘모비안AI’ 인수··· AI 솔루션 고도화 박차
CUCM Mixed Mode With Tokenless CTLs
CUCM Mixed Mode With Tokenless CTLs
move phones registered to the old cluster to instead register to the new cluster.
Download the CallManager.pem from new cluster pub and upload that cert as phone-trust to the old cluster. This will enable the old cluster TVS to have TVS-aware phones trust the new cluster.
When the phone is told (say, via change in DHCP option 150 value) to register to the new cluster, it will fail to authenticate the new cluster’s CTL file due to a different file signer.
So, the phone will then connect with its already-trusted TVS server in the old cluster. At this point, since the new cluster pub cert was added as phone-trust in the old cluster, TVS will instruct the phone to trust the cert.
Then, based on TVS’s go-ahead, the phone will now load and install the new cluster CTL file.
At this stage, the phone will trust only the entries in the new cluster CTL file – and also any certs that the new cluster’s TVS can trust.
Also, it seems like this procedure would also work with the token-based CTL client, as long as TVS is present and all the moving endpoints support TVS.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118893-technote-cucm-00.html
thanks for this quick note. Just a question – after you uploaded new cluster’s callmanager.pem as a Phone-SAST-trust certificate, did you restart the TVS service? Were you required to restart the phones in the old cluster after this, or did you only need a reboot when you moved them across?