Certificate Management supports importing new identity certificates and trusted CA certificates with enhanced signatures, such as SHA2 with a 2048-bit key length.
Certificate Management can receive and validate both existing certificates with a SHA1-1024 signature and new certificates with a SHA2-2048 signature.
Certificate installation is a maintenance activity and must be performed during a maintenance window when no call traffic is running on the Communication Manager system. Performing the installation on a live system can cause undesired system behavior, such as service disruption and system overload.
Communication Manager uses four application directories to hold certificates.
| Application Directory | Service/Interface | Peer entity | Usage |
| --- | --- | --- | --- |
| C | Communication Manager telephony | Session Manager, another peer CM server, AES, CM Duplication link, FileSync links, H.248 gateways, and 96x1 H.323 phone | SIP trunk, H.323 over TLS, and others |
| W | Administration Web Server | PC | Communication Manager Web Administration |
| R | Remote logging | Syslog server and general Services access | Logging and services access |
| A | Authentication, Authorization and Accounting (AAA) services (for example, LDAP) | External AAA server | Administration accounts authentication |
Note:
Certificates with a key length of 1024 that come from a backup and restore of a release prior to 10.1 do not work. You must regenerate the certificates with a key length of 2048 and install the identity certificates on the new Communication Manager R10.1.
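
A pre-restore audit for the condition in the note above, as an added example that is not Avaya tooling: it reads the text form of a certificate and flags RSA keys shorter than 2048 bits. The function names, the verdict labels and the sample text are assumptions made for illustration; the certificates are assumed to be PEM files readable by the `openssl` CLI.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): flag certificates whose RSA key
# is shorter than the 2048 bits the note requires. Assumes the openssl CLI.
MIN_BITS=2048
# Reads `openssl x509 -noout -text` output on stdin and prints
# "<bits> <signature-algorithm> <verdict>".
classify_cert_text() {
    local text alg bits sig
    text=$(cat)
    alg=$(printf '%s\n' "$text" | sed -n 's/.*Public Key Algorithm: *\([A-Za-z0-9_-]*\).*/\1/p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    # The first "Signature Algorithm:" line is the certificate's own signature.
    sig=$(printf '%s\n' "$text" | sed -n 's/.*Signature Algorithm: *\([A-Za-z0-9_-]*\).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ -z "$sig" ]; then
        echo "- - UNPARSED"; return 0
    fi
    if [ "$alg" != "rsaEncryption" ]; then
        echo "$bits $sig NOT_RSA"        # the bit threshold only applies to RSA keys
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "$bits $sig REGENERATE"     # 1024-bit class: will not work on R10.1
    else
        case "$sig" in
            sha1*) echo "$bits $sig REVIEW_SHA1" ;;  # informational only
            *)     echo "$bits $sig OK" ;;
        esac
    fi
}

# Audit PEM files named on the command line; returns 1 if any needs attention.
audit_cert_files() {
    local f line rc=0
    for f in "$@"; do
        line=$(openssl x509 -in "$f" -noout -text 2>/dev/null | classify_cert_text)
        printf '%s: %s\n' "$f" "$line"
        case "$line" in *REGENERATE|*UNPARSED) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: trimmed text of a pre-10.1 style certificate.
sample_legacy_text() {
    cat <<'EOF'
        Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}
if [ "$#" -gt 0 ]; then audit_cert_files "$@"; fi  # audit files given as arguments
```

Run it against the certificate files extracted from the backup before the maintenance window; `REVIEW_SHA1` marks a certificate with an adequate key length but a SHA1 signature, which the text above says is still validated.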