I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need you help find answers to the questions colored green.
Scenario - At this moment VoIP is not encrypted. (CUCM 6.1 with around 1000 devices). The customer is going to setup a Windows-PKI and they want already to know what specifications Cisco is demanding from such a PKI (so that they later easily can integrate their Cisco VoIP solution in their 'new' network) What encryption length are supported (2048 or 4096 bit ?)
- Based on CUCM security docs it appears to be 512, 1024 or 2048
[My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:
(Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.
What Hash-algorithms are supported (SHA-1, SHA-256, SHA-512, ...) ? -
- Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5
[My Answer] This is also true. MD5 is used as a Hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA Public Keys, digital signatures use SHA-1 with RSA.
Need answer to these 4 questions:
How long can the certificate chain be (how many different levels are supported) ?
How can you get certificates on end devices which aren't part of an Active Directory ?
How to you 'connect' a Cisco Telephony system to a Windows-PKI ?
Is there a checklist in which the points which should be considered are specified?
Please share your opinions. Any help would be appreciated.
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...