CiscoEndpointCertificateDeployer

Automatically upload and activate a PFX certificate and private key to a Cisco video conferencing endpoint running TC7, CE8, or later software. Useful for Let's Encrypt automation, such as Certify The Web.

1. Requirements
2. Usage
3. Result
4. Let's Encrypt

Requirements

• .NET 8 x64 runtime or later
• Cisco video conferencing endpoint
  • Also known as TelePresence, Collaboration Endpoint, Webex Device, room system, and codec
  • TC, CE, or RoomOS software (tested with TC7, CE9, RoomOS 10, and RoomOS 11)
  • IX5000 is not supported
  • Username and password for an enabled account with the Admin role. If the endpoint is registered to Webex, you will need to manually enable this account.
  • HTTPS and SSH server must be enabled
  • A DNS entry, such as an A record that points to the endpoint's IPv4 address, so that browsers can validate the certificate's subject CN

Usage

CiscoEndpointCertificateDeployer.exe certificatePath endpointHost endpointUsername endpointPassword applyToServices

certificatePath

The absolute filesystem path of a PFX file to upload. It must have been exported with the private key.

endpointHost

The hostname (such as the IP address or FQDN) of the endpoint.

endpointUsername

The username of an account on the endpoint with the Admin role. The factory default for Cisco endpoints is admin.

endpointPassword

The passphrase used to log in to the user above. The factory default for Cisco endpoints is the empty string.

applyToServices

A comma-delimited list of service names with which the new certificate will be used. Defaults to https, but you can include SIPS by passing https,sip.

Example

"C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.exe" "C:\ProgramData\certify\assets\myendpoint.mycompany.com\20210817_abcdefgh.pfx" myendpoint.mycompany.com admin CISCO https,sip

Result

Let's Encrypt

You can use this program to automatically maintain valid certificates issued by a trusted root certificate authority like Let's Encrypt on your Cisco endpoints. DNS verification, rather than HTTP verification, is particularly helpful when the endpoints' web servers are not exposed to inbound traffic from the internet, which you should not allow through your firewall.

Certify The Web

You can use Certify The Web on a Windows computer to automatically renew certificates and deploy them with this program.

1. Download and install Certify The Web.
2. Click New Certificate.
3. Register your email address with Let's Encrypt.
4. In the Certificate tab, add a domain like myendpoint.mycompany.com to the certificate, then click the + button.
5. In the Authorization tab, change the Challenge Type to dns-01, select your DNS provider from the DNS Update Method list, and supply the Credentials for your DNS provider with the New button.
6. In the Deployment tab, set the Deployment Mode to No Deployment, since deployments are only used for local IIS servers.
7. In the Tasks tab, add a new Deployment Task, choose Run Powershell Script, and set the following properties.

   Name	Value
   Task Name	Deploy Certificate to Cisco Endpoint
   Description	Upload and activate certificate on Cisco endpoint using HTTP and SSH.
   Trigger	Run On Success
   Run task even if previous task step failed	☐
   Authentication	Local (as current service user)
   Program/Script	The absolute path to the PowerShell script included with this program, such as C:\Program Files\CiscoEndpointCertificateDeployer\CiscoEndpointCertificateDeployer.ps1
   Pass Result as First Arg	☑
   Impersonation LogonType	Service
   Arguments	Details about your endpoint, in the form endpointHostname=myendpoint.mycompany.com;endpointUsername=admin;endpointPassword=CISCO;applyToServices=https,sip
   Script Timeout Mins.
   Launch New Process	☐

8. Click the Save button.
9. Optionally ensure the domain validation is working using the Test button.
10. Request and deploy a certificate using the Request certificate button.