Avaya 9608 Administrator's Manual page 60

Server Administration
when new phone software is downloaded. Both the authentication credentials and realm have a
default value of null, set at manufacture or at any other time user-specific data is removed from the
phone. When TLS is used, the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is used for
authentication. If the digital certificate of the server is signed by the Avaya Product Root Certificate
Authority certificate, the call server registration password of the phone is included as the credentials
in an Authorization request-header for each transmitted PUT (backup) and GET (for restore)
method.
With TLS, the phone uses a TLS_RSA_WITH_AES_128_CBC_SHA cipher suite. If TLS is used but
no digital certificates are downloaded based on the TRUSTCERTS value, the IP address of the call
server with which the phone is registered and the registration password of the phone will be
included as the credentials in an Authorization request-header in each transmitted GET and PUT
method. If at least one digital certificate has been downloaded based on TRUSTCERTS, the IP
address of the call server with which the phone is registered. The registration password of the
phone is included in the credentials in an Authorization request-header in each transmitted GET and
PUT method only if the value of BRAUTH is 1.
When the call server IP address and the registration password of the phone are included as the
credentials in an Authorization request-header, the call server IP address is included first in dotted-
decimal format, followed by a colon (hex 3A), followed by the registration password of the phone.
The server gets the extension number of the phone from the backup or restore file name. The server
must also protect the user's credentials once they are received through the secure TLS connection.
The phone sends the registration credentials without regard to the BRAUTH setting if no certificates
are downloaded. Only server certificates signed by an Avaya Root CA certificate are authenticated if
no certificates are downloaded.
If an HTTP backup or restore operation requires authentication and the realm in the challenge
matches the stored realm, the phone uses the stored credentials to respond to the challenge without
prompting the user. However, if the stored credentials are null, or if the realms do not match, or if an
authentication attempt using the stored credentials fails, the Status Line of the 9600 Series IP
Deskphones or the Prompt Line for all other 9600 Series IP Deskphones display an HTTP
Authentication or an HTTP Authentication Failure interrupt screen: Enter backup/restore
credentials.
New values replace the stored authentication and realm values:
• When HTTP authentication for backup or restore succeeds and
• If the userid, password, or realm used differs from those values that are stored in the phone
If HTTP authentication fails, the user is prompted to enter new credentials.
Note:
Users can request a backup or restore using the Advanced Options > Backup/Restore
screen, as described in the user guide for their specific deskphone model.
For specific error messages relating to backup or restore, see the Avaya IP Deskphone Edition
for 9600 Series IP Telephones, Installation and Maintenance Guide, 16-300694.
Administering 9608/9608G/9611G/9621G/9641G IP Deskphones H.323
60
Comments? infodev@avaya.com
June 2014