McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 163

↗ View in doc context
page
163
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::159

Description Setting This field specifies the sequence of the key for CAPF. Select one of the following values from the drop-down list: • RSA Only • EC Only • EC Preferred, RSA Backup Note When you add a phone, that is based on the value in Key Order, RSA Key Size, and EC Key Size fields, the device security profile is associated with the phone. If you select the EC Only value, with the EC Key Size value of 256 bits, then the device security profile appends with EC-256 value. Key Order From the drop-down list box, choose one of the values—512, 1024, 2048, 3072, or 4096. Note Some phone models may fail to register if the RSA key length that is selected for the CallManager Certificate Purpose is greater than 2048. From the Unified CM Phone Feature List Report on the Cisco Unified Reporting Tool (CURT), you can check the 3072/4096 RSA key size support feature for the list of supported phone models. RSA Key Size (Bits) From the drop-down list, choose one of the values—256, 384, or 521. EC Key Size (Bits) The following table describes the settings for the security profile for the phone that is running SIP. Table 26: Security Profile for Phone That Is Running SIP Description Setting Enter a name for the security profile. When you save the new profile, the name displays in the Device Security Profile drop-down list in the Phone Configuration window for the phone type and protocol. Tip Include the device model and protocol in the security profile name to help you find the correct profile when you are searching for or updating a profile. Name Enter a description for the security profile. Description Enter the number of minutes (in seconds) that the nonce value is valid. The default value equals 600 (10 minutes). When the time expires, Unified Communications Manager generates a new value. Note A nonce value, a random number that supports digest authentication, gets used to calculate the MD5 hash of the digest authentication password. Nonce Validity Time Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 145 Basic System Security Phone Security Profile Settings