Configuring 4096 Key Pair Support
During a TLS session, certificate authentication and key exchange are critical. During certificate authentication, the client verifies the server's digital certificate to ensure that it is valid and that it was issued by a trusted Certificate Authority (CA). This step confirms the server's identity. Key exchange then follows, in which the client and server negotiate and agree upon the keys that will be used to encrypt and decrypt data during the TLS session.
During a TLS session, all the STCAPP-based FXS ports of the voice gateways are enabled for a short period of time, for example, during a shut/no shut or boot-up period. When you configure the 4096 key pair, these FXS ports securely interface with the CUCM.
To configure the 4096 key pair, perform the following steps:
- Create a new key pair.
- Associate a trustpoint with this key pair.
- Authenticate the certificate by a CA Server.
For detailed information on each of these steps, see Configuring and Managing a Certificate Server.
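The three steps above as an IOS CLI sequence, followed by show commands that confirm the result. This is an added example, not taken from the original page. The key label VG-4096-KEY, the trustpoint name VG-TP, and the CA URL http://ca.example.com are placeholder assumptions; substitute the values for your deployment.

```cisco
! Added example: VG-4096-KEY, VG-TP and ca.example.com are placeholders.
configure terminal
 !
 ! Step 1: create a new RSA key pair with a 4096-bit modulus.
 ! Generation can take noticeably longer than for smaller moduli.
 crypto key generate rsa general-keys label VG-4096-KEY modulus 4096
 !
 ! Step 2: create the trustpoint and associate it with the key pair.
 ! Without the rsakeypair line the trustpoint does not use the labelled key.
 crypto pki trustpoint VG-TP
  enrollment url http://ca.example.com
  rsakeypair VG-4096-KEY
  revocation-check crl
  exit
 !
 ! Step 3: authenticate the trustpoint against the CA server.
 ! Compare the displayed CA certificate fingerprint with the value
 ! obtained from the CA administrator out of band before accepting it.
 crypto pki authenticate VG-TP
 end
!
! Verification: confirm the key size and the trustpoint binding.
show crypto key mypubkey rsa VG-4096-KEY
show crypto pki trustpoints VG-TP status
show crypto pki certificates VG-TP
```

In the output of show crypto pki trustpoints VG-TP status, check that the CA certificate is reported as configured and that the key pair listed is the 4096-bit key created in step 1.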