Which Entity Signs a Cisco IP Phone LSC?

D.

By default, LSC certificates are not installed on Cisco IP phones.

Cisco IP phones that are required to use LSC certificates must be provisioned to allow TLS transactions before deployment in the field.

LSC certificates can be provisioned to the Cisco IP phones through the Certificate Authority Proxy Function (CAPF) process.

This process is completed using TLS and USB tokens coupled with the CTL client.

Moreover, the Cisco ASA Phone Proxy feature can serve LSC certificates to the Cisco IP phones.

Cisco IP phones will only work with the Cisco ASA Phone Proxy and will not establish secure connectivity with the Cisco Unified Communications Manager.

The answer is E. Cisco Certificate Authority.

In Cisco Unified Communications Manager (CUCM), a Localized Certificate Authority (LCA) is used to issue Localized Security Certificates (LSCs) to IP phones. These certificates are used for secure communication between IP phones and other devices, such as CUCM, Cisco Unity Connection, or Cisco IM and Presence.

The LSC is signed by the Cisco Certificate Authority (CA) using the LCA private key. The LCA private key is stored securely in CUCM, and is used to sign LSCs for all IP phones registered to that CUCM cluster.

The other options in the answer choices are not directly involved in the signing of Cisco IP phone LSCs:

A. Godaddy.com Enrollment Server is not used for Cisco IP phone LSCs. B. Manufacturer Certificate Authority is not used for Cisco IP phone LSCs. C. Registration Authority is used for certificate enrollment, but not for the signing of Cisco IP phone LSCs. D. Certificate Authority Proxy Function is used to forward certificate requests to the appropriate CA, but not for the signing of Cisco IP phone LSCs.

Therefore, the correct answer is E. Cisco Certificate Authority.