Chapter 5: Security And Qos; Security; Installing Digital Certificates - Avaya 3631 Administrator's Manual

Chapter 5: Security and QoS

Security

The following security methods are supported on the 3631 telephone:
• WEP
– 40-bit and 128-bit encryption
• WPA --Temporal Key Integrity Protocol (TKIP)
– With Pre-Shared Key (PSK)
– With 802.1X Authentication
• WPA2 —Advanced Encryption Standard (AES)
– With Pre-Shared Key (PSK)
– With 802.1X Authentication
The following EAP methods are supported in conjunction with 802.1X authentication:
• EAP-TLS
• PEAPv0/EAP-MSCHAPV2
• PEAPv1/EAP-GTC
• LEAP
• TTLS-CHAP
• TTLS-MD5
• TTLS-MSCHAP
• TTLS-MSCHAPV2

Installing Digital Certificates

The 3631 telephone supports installation of digital CA certificates as well as a digital
device certificate/private key for use with 802.1X authentication.
All certificates must be in PEM format. The certificates must have the following
filenames:
• cacert1.pem—the CA certificate associated with the first Access Profile
• cacert2.pem—the CA certificate associated with the second Access Profile
• cacert3.pem—the CA certificate associated with the third Access Profile
• user_cert.pem—the user/device certificate for the phone. Required for EAP-TLS
authentication
• private_key.pem—private key for the phone. Required for EAP-TLS
authentication
• private_key_passwd.txt—file containing the password used to encrypt/decrypt the
private key. Required for EAP-TLS authentication
CA certificates may be downloaded to the telephone through either of the following
methods:
• Automatically over-the-air via the TRUSTCERTS parameter in a 46xxsettings.txt
file
• Manually from a PC via the USB cable
3631 Wireless Telephone Administrator Guide 22