We help IT Professionals succeed at work.

Is there a way to see contents of CUCM file CTLFile.tlv

zareac
zareac asked
on
I downloaded Cisco SEP123456789012.tlv file for device, and CTLFile.tlv from Cisco Unified Communications Manager and I'd like to see its contents. Is it possible to see its contents by some tool?
Comment
Watch Question

Commented:
There was a tool that allowed you to change the trust list.  Not sure if it allows you to actually open and read the contents of the CTL (certificate trust list) file.  I believe it is called the CTL Client configuration tool.

Author

Commented:
sr75, thanks for responding. I understand that tlv files contain encrypted data, so probably viewing their content is not allowed. I definitely can use Cisco CTL client to change trust list. I'll acccept your answer as solution if no one else answers in next few days
What is the purpose behind decrypting the CTL?

Author

Commented:
I wanted to verify that CTL was issued by Intermediate CA. Now when I "put it on paper" I understand that CTL is generated by CUCM and has nothing to do with Intermediate CA that I uploaded to CUCM.

The whole mess started when I uploaded Intermediate CA certificates on my CUCM, and wanted to make sure that my Jabber softphone is using  Intermediate root CA in Windows certificate store to verify certificate presented by CUCM.

In between I needed to regenerate CTL files with CTL client because I uploaded intermediate CA certificates for CallManager, and my softphone didn't want to register with old CTL files.

Eventually I also uploaded intermediate CA certificates for tomcat and TVS service, and now I don't get any prompts for accepting certificates from Jabber softphone.

I still don't understand why is CTL needed and what is its relation to CallManager, tomcat or TVS certificates
CTLs are not needed unless you have a secure cluster. Under Enterprise Parameters the Cluster Security Mode needs to be 1