Your system uses self-signed and third-party-signed certificates. Certificates are used between devices in your system to securely authenticate devices, encrypt data, and hash the data to ensure its integrity from source to destination. Certificates allow for secure transfer of bandwidth, communication, and operations.

The most important part of certificates is that you know and define how your data is encrypted and shared with entities such as the intended website, phone, or FTP server.

When your system trusts a certificate, it means that a preinstalled certificate on your system states that the system is fully confident it is sharing information with the correct destination. Otherwise, it terminates the communication between

In order to trust a certificate, trust must already be established with a third-party certificate

Your devices must first know that they can trust both the CA and intermediate certificates before they can trust the server certificate presented during the exchange of messages called the Secure Sockets Layer (SSL) handshake.
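
The chain-of-trust requirement above, as an added example (not Cisco code or tooling): it uses the openssl CLI to build a constructed root CA, intermediate CA and server certificate with EC keys, then checks that the server certificate verifies only when the trusted root and the intermediate are both available. All subjects, file names and function names are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Added example: constructed root CA -> intermediate CA -> server chain (EC keys).
# All subjects and file names are constructed; nothing here is Cisco tooling.

mkcsr() {  # mkcsr <dir> <name> <CN>: EC P-256 key plus a CSR for it
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" &&
  openssl req -new -config "$1/req.cnf" -key "$1/$2.key" -subj "/CN=$3" -out "$1/$2.csr"
}

sign() {   # sign <dir> <name> <issuer> <extfile>: issuer signs <name>.csr
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days 30 -extfile "$1/$4" -out "$1/$2.pem" 2>/dev/null
}

build_chain() {  # build_chain <dir>: writes root, other, inter, server .pem files
  local d="$1" n
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\n' > "$d/leaf.ext"
  mkcsr "$d" root "Constructed Root CA" && mkcsr "$d" other "Unrelated Root CA" &&
  mkcsr "$d" inter "Constructed Intermediate CA" &&
  mkcsr "$d" server "server.example.test" || return 1
  for n in root other; do   # self-signed certificates used as trust anchors
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 30 \
      -extfile "$d/ca.ext" -out "$d/$n.pem" 2>/dev/null || return 1
  done
  sign "$d" inter root ca.ext && sign "$d" server inter leaf.ext
}

chain_trusted() {  # chain_trusted <trusted-root> <server-cert> [intermediate]
  # The intermediate is passed as -untrusted: it only helps build the path,
  # the way a certificate sent by the peer in the handshake would.
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 1
  build_chain "$d" || { echo "openssl failed"; return 1; }
  chain_trusted "$d/root.pem" "$d/server.pem" "$d/inter.pem" && echo "root + intermediate: trusted"
  chain_trusted "$d/root.pem" "$d/server.pem" || echo "root only, intermediate missing: rejected"
  chain_trusted "$d/other.pem" "$d/server.pem" "$d/inter.pem" || echo "unrelated root: rejected"
  rm -rf "$d"
}
demo
```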

EC-based certificates for Tomcat are supported. This new certificate is called tomcat-ECDSA. For further information, see the Enhanced TLS Encryption on IM and Presence Service section and Administration of IM and Presence Service on Cisco Unified Communications

EC Ciphers on the Tomcat interface are disabled by default. You can enable them using the Ciphers enterprise parameter on Cisco Unified Communications Manager or on IM and Presence Service. If you change this parameter, the Cisco Tomcat service must be restarted on all nodes.

For further information on EC-based certificates, see ECDSA Support for Common Criteria for Certified Solutions in the Release Notes for Cisco Unified Communications Manager and IM and Presence Service.