/mcpDescription Field From the Key Length drop-down list, select one of the values. Depending on the key length, the CSR request limits the hash algorithm choices. By having the limited hash algorithm choices, you can use a hash algorithm strength that is greater than or equal to the key length strength. For example, for a key length of 256, the supported hash algorithms are SHA256, SHA384, or SHA512. Similarly, for the key length of 384, the supported hash algorithms are SHA384 or SHA512. Note Certificates with a key length value of 3072 or 4096 can only be selected for RSA certificates. These options aren't available for ECDSA certificates. Note Some phone models may fail to register if the RSA key length selected for the CallManager Certificate Purpose is greater than 2048. From the Unified CM Phone Feature List Report on the Cisco Unified Reporting Tool (CURT), you can check the 3072/4096 RSA key size support feature for the list of supported phone models. Key Length Select a value from the Hash Algorithm drop-down list to have stronger hash algorithm as the elliptical curve key length. From the Hash Algorithm drop-down list, select one of the values. Note • The values for the Hash Algorithm field change based on the value you select in the Key Length field. • If your system is running on FIPS mode, it's mandatory that you select SHA256 as the hashing algorithm. Hash Algorithm Download a Certificate Signing Request Download the CSR after you generate it and have it ready to submit to your certificate authority. Procedure Step 1 From Cisco Unified OS Administration, choose Security > Certificate Management. Step 2 Click Download CSR. Step 3 Choose the certificate name from the Certificate Purpose drop-down list. Step 4 Click Download CSR. Step 5 (Optional) If prompted, click Save. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 51 Basic System Security Download a Certificate Signing Request