McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 86

↗ View in doc context
page
86
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::77

• Validity Period of Self-signed Certificates—The default validity period of self-signed certificates are reduced. By reducing the validity period, the keys are renewed periodically in a short span, and it removes the outdated certificates. The longer the validity period of the certificates, the higher are the chances of the private key being compromised. The default validity period of all self-signed certificates is five years. You also have an option to configure the validity period of the self-signed certificates using the Validity Period field. For more details, see the Generate New Self-signed certificate section. Table 13: Cisco Unified Communications Manager CSR Key Usage Extensions From Unified CM Release 14 onwards Earlier than Unified CM Release 14 Node/Cluster Based No.of certificates to manage in a 10 node cluster Supports Multi-Server CA-Signed Supports Multi-ServerSAN Self-Signed Node/Cluster Based No.of certificates to manage in a 10 node cluster Supports Multi-ServerSAN CA-Signed Supports Multi-ServerSAN Self-Signed Certificates Cluster-based 1 Y Y Node-Basedwhen self-signed 1 Y N Tomcat Cluster-based 1 Y Y Node-Basedwhen self-signed 1 Y N Tomcat-ECDSA Cluster-based 0 Y Y Node-Basedwhen self-signed 1 Y N CallManager Cluster-based 0 Y Y Node-Basedwhen self-signed 1 Y N CallManager-ECDSA Cluster-based 1 Y Y Node-based 10 N N TVS Only on Publisher 1 N Y Node-based 10 N N CAPF Node-based 0 N N Node-based 10 N N IPsec Cluster-based 1 N N Node-based 1 N N ITLRecovery Simplified Certificate Management User Interface Updates The following user interface updates are introduced: • Reuse Certificate—The Certificate Management window includes this new option that lets you share a Tomcat multi-server certificate with the CallManager application. This reduces the size of the ITL file, thereby reducing overhead. • Show Certificates—The Certificate Management window in Cisco Unified OS Administration interface includes new filtering options that let you view the list of identity and trust certificates. Reuse Multi-Server Tomcat Certificate for CallManager You can now reuse a Tomcat multi-server certificate for the CallManager application. You can procure one certificate from the CA and reuse it across applications. This ensures lower management overhead and cost optimization. Before you reuse a Tomcat certificate, make sure that it is a multi-server SAN support certificate. Note Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 68 Basic System Security Simplified Certificate Management User Interface Updates