Each Cisco phone uses an ITL (Initial Trust List) and additionally, if security is enabled, a CTL (Certificate Trust List) that store a list of server certificates in the phone flash.
CTL and ITL signatures shown on Cisco phone in Security menu. The signature is the MD5 or SHA1 hash of the file.
|The mismatch between the CTL or ITL files installed on a phone and the CUCM (Cisco Unified Communications Manager) cluster can cause the following serious issues:
- Phone Registration Issues: The phone may fail to register or authenticate with the CUCM server, resulting in communication disruptions or the inability to use certain services.
- Security Concerns: An CTL/ITL mismatch might indicate a potential security risk, allowing unauthorized or untrusted servers to communicate with the phone, compromising the security.
- Limited Functionality: The phone might experience limited functionality or restricted access to secure services until the mismatch is resolved.
To detect ITL/CTL signature mismatches you can generate the following reports with UPLINX Phone Control Tool:
The reports are generated in HTML and CSV format and allow you to easily detect Cisco phones that have a mismatched (wrong) ITL and CTL. With the UPLINX Bulk Erase wizard, you can then clear the configuration from remote if the phone can still be controlled.
View sample CTL signature mismatch report in HTML.
To generate the CTL or ITL signature reports, it is required that the web page of Cisco phones is reachable, and the phones must be registered with CUCM.
Read more about 'Why does a Cisco phone not apply new config settings?'