Cisco Cisco IPCC Web Option Design Guide

Cisco Unified Contact Center Enterprise 7.0, 7.1, and 7.2 SRND
OL-8669-16
Chapter 8      Securing Unified CCE
Endpoint Security
Figure 8-5 shows the Certificate Authority enrollment procedure used to generate the certificates for
the agent and the servers. The agent desktop certificate enrollment process is manual: a certificate
signing request (CSR) must be created at each endpoint and then transferred to the certificate
authority responsible for signing and generating the certificates.
Figure 8-5   Certificate Authority Enrollment Procedure
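The manual enrollment flow described above (key pair generated at the end host, CSR sent to the CA, CA signs, certificate returned), as an added example that is not part of the original guide. It uses the OpenSSL command line rather than any Unified CCE tooling, and the CA name, host name and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: manual CSR enrollment in a scratch directory using OpenSSL.
# Names (Example-Lab-CA, agent-desktop-01.example.test) are constructed.
set -eu

make_ca() {      # CA: own key pair plus self-signed CA certificate
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Example-Lab-CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

host_csr() {     # End host: generate key pair, then a CSR carrying the public key
    openssl genrsa -out "$1/host.key" 2048 2>/dev/null
    openssl req -new -sha256 -key "$1/host.key" \
        -subj "/CN=agent-desktop-01.example.test" -out "$1/host.csr"
}

ca_sign() {      # CA: check the CSR self-signature, then sign with the CA key
    openssl req -in "$1/host.csr" -noout -verify 2>&1 | grep -q "verify OK" \
        || { echo "CSR signature invalid" >&2; return 1; }
    openssl x509 -req -in "$1/host.csr" -sha256 -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/host.crt" 2>/dev/null
}

host_check() {   # End host: chain must verify and cert must match the local key
    openssl verify -CAfile "$1/ca.crt" "$1/host.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1/host.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/host.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# One directory stands in for both machines here.
work=$(mktemp -d)
make_ca "$work" && host_csr "$work" && ca_sign "$work" && host_check "$work"
openssl x509 -in "$work/host.crt" -noout -subject -issuer
rm -rf "$work"
```

In a real deployment only `host.csr` and `host.crt` cross between the end host and the CA; each private key stays on the machine that generated it.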
Unified IP Phone Device Authentication
When designing a Unified CCE solution based on Unified CM Release 4.or 5.0, customers may choose 
to implement device authentication for the Cisco Unified IP Phones 7940, 7960, or 7970. Unified 
CCE 7.0 was tested with Unified CM's Authenticated Device Security Mode, which ensures the 
following:
  • Device Identity — Mutual authentication using RSA signatures
  • Signaling Integrity — SCCP messages authenticated using HMAC-SHA-1
  • Signaling Privacy — SCCP message contents encrypted using AES-128-CBC
Unified IP Phone Media Encryption
Media Encryption may be used with Unified CCE; however, it prevents the use of the silent monitoring 
feature. Also, if you are deploying a recording system, contact the recording system vendor to verify 
support for recording in an environment with Secure Real-Time Transport Protocol (SRTP).
[Figure 8-5 diagram. Labels: End Host; Generate keys; user keys (private, public); certificate request; Certificate Authority; Sign; CA's keys (private, public); end host certificate; Steps 1 through 5.]