cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Urgent - CUCM Encryption questions

Priyaranjan Jha
Beginner
Beginner

I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need you help find answers to the questions colored green.

Scenario - At this moment VoIP is not encrypted. (CUCM 6.1 with around 1000 devices). The customer is going to setup a Windows-PKI and they want already to know what specifications Cisco is demanding from such a PKI (so that they later easily can integrate their Cisco VoIP solution in their 'new' network) What encryption length are supported (2048 or 4096 bit ?)

- Based on CUCM security docs it appears to be 512, 1024 or 2048

[My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:

(Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.

What Hash-algorithms are supported (SHA-1, SHA-256, SHA-512, ...) ? -

- Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5

[My Answer] This is also true. MD5 is used as a Hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA Public Keys, digital signatures use SHA-1 with RSA.

Need answer to these 4 questions:

How long can the certificate chain be (how many different levels are supported) ?

How can you get certificates on end devices which aren't part of an Active Directory ?

How to you 'connect' a Cisco Telephony system to a Windows-PKI ?

Is there a checklist in which the points which should be considered are specified?

Please share your opinions. Any help would be appreciated.

Thanks & Regards,

PJ
Technology Solutions Network

2 REPLIES 2

David Hailey
Advisor
Advisor

Take a look here and see how many of your questions are answered:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html

Hailey

Please rate helpful posts!

Priyaranjan Jha
Beginner
Beginner

Hi David,

I have referred to this guide earlier but I can't find such details in here. I have only found answer to the first 2 questions and rest still stand unanswered.

Thanks,

PJ

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: