/mcpStep 4 From the Certificate Operation drop-down list, choose Install/Upgrade for CAPF to install a new LSC certificate on the phone. Step 5 From the Authentication Mode drop-down list, choose how you want the phone to authenticate itself during the LSC installation. Note The phone should be configured to use the same authentication method. Step 6 Enter a text string or click Generate String to generate a string for you if you selected By Authentication String. Step 7 Enter the details in the remaining fields in the Certification Authority Proxy Function (CAPF) Information pane of the Phone Configuration page. For help with the fields and their settings, see the online help. Step 8 Click Save. Set KeepAlive Timer Use this procedure to set the clusterwide keepalive timer for the CAPF–Endpoint connection so that the connection doesn't get timed out by a firewall. The timer has a default value of 15 minutes. After each interval, the CAPF service sends a keepalive signal to the phone to keep the connection open. Procedure Step 1 Use the Command Line Interface to login to the publisher node. Step 2 Run the utils capt set keep_alive CLI command. Step 3 Enter a number between 5 and 60 (minutes) and click Enter. Certificates Authority Proxy Function Administration Task Flow Administer LSC certificates on an ongoing basis once the CAPF is configured andcLSC certificates are issued. Procedure Purpose Command or Action Configure CAPF and add the configured authentication string on the phone. The keys and certificate exchange occurs between the phone and CAPF. LSC Generation through CAPF Step 1 Run a Stale LSC report from Cisco Unified Reporting. Stale LSCs are certificates that were generated in response to an Run Stale LSC Report Step 2 endpoint CSR, but were never installed because a new CSR was generated by the endpoint before the old LSC was installed. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 81 Basic System Security Set KeepAlive Timer