/mcpDescription Field Choose any of the following values from the drop-down list: • 1024 • 2048 • 3072 • 4096 Depending on the key length, the self-signed certificate request, limits the hash algorithm choices. With the limited hash algorithm choices, you can use a hash algorithm strength that is greater than or equal to the key length strength. • If the key length value is 256, the supported hash algorithms are SHA256, SHA384, or SHA512. • If the key length value is 384, the supported hash algorithms are SHA384 or SHA512. Note Certificates with a key length value of 3072 or 4096 are chosen only for RSA certificates. These options are not available for ECDSA certificates. Note Some phone models might fail to register if the RSA key length value chosen for the CallManager Certificate Purpose is greater than 2048. For more information, navigate to Unified CM Phone Feature List Report on the Cisco Unified Reporting Tool (CURT), to check the 3072/4096 RSA key size support for the list of supported phone models. Key Length Choose a value that is greater than or equal to the key length from the drop-down list: Note • The values in the Hash Algorithm drop-down list changes based on the value that you have chosen in the Key Length field. • If your system is running in FIPS mode, it is mandatory to choose SHA256 as the hashing algorithm. Hash Algorithm Choose any of the options such as 1, 2, 5, 10, or 20 from the drop-down list to set the validity period of self-signed certificates. Note By default, the validity period of all self-signed certificate is five years. When the validity period of a certificate is changed, it does not impact the existing certificates. Only new certificates are impacted. Validity Period (in years) Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 54 Basic System Security Self-Signed Certificate Fields