Figure 370. Public Key Infrastructure (PKI) using the example of common
gateways
A Public Key Infrastructure (PKI) is required to use the "Signaling and Payload
Encryption" feature. You can either use an existing customer PKI or
set up a new PKI with the Deployment Service DLS (DLS V3 and V7 R1.11.2).
The necessary certificates are centrally deployed to all OpenScape 4000
gateways and subscribers via DLS.
The PKI for OpenScape 4000 included in DLS
- features a basic PKI solution for customers who do not have a PKI
(certificate creation),
- supports the integration of an existing PKI (certificate provision for
customer PKI),
- performs automatic certificate deployment.
Customer with PKI
If the customer already has a PKI, the following factors must be
considered:
- The existing certificate must be allowed for encryption and
signing.
- The existing certificate is an RSA or ECDSA certificate.
- For RSA certificates, the length of the private key must be at
least 512 bits.
- For RSA, certificate key lengths up to 4096 bits are supported.
For STMI2/4, the maximum key length is 2048 bits.
- The existing certificate is in PEM or PKCS #12 format.
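The requirements listed above can be checked with OpenSSL before a customer certificate is handed to DLS. The following script is an added example, not part of the product documentation. The names check_spe_cert and make_sample_cert are hypothetical, the mapping of "encryption and signing" to X.509 keyUsage bits is an assumption, and a PKCS #12 file must first be converted to PEM.

```shell
#!/bin/sh
# Usage: check_spe_cert CERT.pem [stmi]   ("stmi" applies the STMI2/4 limit)
check_spe_cert() {
    cert=$1; board=${2:-}; rc=0
    # Reads a PEM certificate; extract it from a PKCS #12 file first.
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: $cert is not a readable PEM certificate"; return 1; }
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    case $alg in
        rsaEncryption)
            max=4096
            if [ "$board" = stmi ]; then max=2048; fi
            if [ "${bits:-0}" -lt 512 ] || [ "${bits:-0}" -gt "$max" ]; then
                echo "FAIL: RSA key is ${bits:-?} bits, allowed: 512 to $max"; rc=1
            elif [ "$bits" -lt 2048 ]; then
                # Editor's caveat, not a rule from the page.
                echo "WARN: RSA key under 2048 bits is accepted but weak"
            fi ;;
        id-ecPublicKey) ;;   # ECDSA: the page states no length limit
        *) echo "FAIL: key algorithm '$alg' is neither RSA nor ECDSA"; rc=1 ;;
    esac
    # Assumption: "allowed for encryption and signing" is read as the X.509
    # keyUsage bits below; a certificate without the extension is unrestricted.
    ku=$(printf '%s\n' "$text" | sed -n '/X509v3 Key Usage/{n;p;}')
    if [ -n "$ku" ]; then
        case $ku in *"Digital Signature"*) ;;
            *) echo "FAIL: keyUsage lacks Digital Signature"; rc=1 ;; esac
        case $ku in *"Key Encipherment"*|*"Key Agreement"*) ;;
            *) echo "FAIL: keyUsage lacks Key Encipherment/Key Agreement"; rc=1 ;; esac
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $cert ($alg, ${bits:-?} bits)"; fi
    return "$rc"
}

# Constructed sample input: throwaway self-signed RSA certificate.
# make_sample_cert OUT.pem RSA_BITS KEYUSAGE
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$2" -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=spe-sample" -days 1 -addext "keyUsage=$3" 2>/dev/null
}
```

Source the file and run `check_spe_cert gateway.pem stmi` for a certificate intended for an STMI2/4 board; the exit status is 0 only when every check passes.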
Customer without PKI
If the customer does not have a PKI, the necessary certificates can be
created with DLS. The Automatic SPE Configuration function in
the Administration menu is used for this.
Detailed information on DLS