Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Cisco Employee

Urgent - CUCM Encryption questions

I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need you help find answers to the questions colored green.

Scenario - At this moment VoIP is not encrypted. (CUCM 6.1 with around 1000 devices). The customer is going to setup a Windows-PKI and they want already to know what specifications Cisco is demanding from such a PKI (so that they later easily can integrate their Cisco VoIP solution in their 'new' network) What encryption length are supported (2048 or 4096 bit ?)

- Based on CUCM security docs it appears to be 512, 1024 or 2048

[My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:

(Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.

What Hash-algorithms are supported (SHA-1, SHA-256, SHA-512, ...) ? -

- Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5

[My Answer] This is also true. MD5 is used as a Hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA Public Keys, digital signatures use SHA-1 with RSA.

Need answer to these 4 questions:

How long can the certificate chain be (how many different levels are supported) ?

How can you get certificates on end devices which aren't part of an Active Directory ?

How to you 'connect' a Cisco Telephony system to a Windows-PKI ?

Is there a checklist in which the points which should be considered are specified?

Please share your opinions. Any help would be appreciated.

Thanks & Regards,

PJ
Technology Solutions Network

Everyone's tags (3)
2 REPLIES

Re: Urgent - CUCM Encryption questions

Take a look here and see how many of your questions are answered:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html

Hailey

Please rate helpful posts!

Cisco Employee

Re: Urgent - CUCM Encryption questions

Hi David,

I have referred to this guide earlier but I can't find such details in here. I have only found answer to the first 2 questions and rest still stand unanswered.

Thanks,

PJ

1970
Views
0
Helpful
2
Replies
CreatePlease to create content