CAPF (Certificate Authority Proxy Function)

This came up in practice materials:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/8_6_1/secugd/sec-861-cm/secucapf.html

What is CAPF:

Certificate Authority Proxy Function Overview
Certificate Authority Proxy Function (CAPF), which automatically installs with Cisco Unified Communications Manager, performs the following tasks, depending on your configuration:

•Authenticate via an existing Manufacturing Installed Certificate (MIC), Locally Significant Certificate (LSC), randomly generated authentication string, or optional less secure “null” authentication.

•Issues locally significant certificates to supported Cisco Unified IP Phones.

•Upgrades existing locally significant certificates on the phones.

•Retrieves phone certificates for viewing and troubleshooting.

During installation, a certificate that is specific for CAPF gets generated. This CAPF certificate, which the Cisco CTL Client copies to all Cisco Unified Communications Manager servers in the cluster, uses the .0 extension.