X Support - Mitel 6867i Administrator's Manual

5. Enter the certificate file names and the private key file name in the appropriate fields.
The Root and Intermediate Certificate files contain one root certificate and zero or more
intermediate certificates which must be placed in order of certificate signing with root cer-
tificate being the first in the file. If the local certificate is signed by some well known certificate
authority, then that authority provides the user with the Root and Intermediate Certificate
files (most likely just CA root certificate).
The Trusted Certificate files define a list of trusted certificates. The phone's trusted list must
contain the CA root certificates for all the servers it is connecting to. For example, if the
phone is connecting to server A which has a certificate signed by CA1, and server B, which
has a certificate signed by CA2, the phone must have CA1 root certificate and CS2 root
certificate in its Trusted Certificate file.
Notes:
1. If configuring TLS, you must specify the files for Root and Intermediate
2. If configuring Persistent TLS, you must specify the Trusted Certificates (which
3. The certificate files and Private Key file names must use the format ".pem".
4. To create custom certificate files and private key files to use on your IP phone,
6. Click Save Settings to save your changes.

802.1X SUPPORT

The IP phones support the IEEE 802.1x protocol. The 802.1x protocol is a standard for passing
Extensible Authentication Protocol (EAP) over a wired or wireless Local Area Network (LAN).
The 802.1x protocol on the IP phone facilitates media-level access control, and offers the
capability to permit or deny network connectivity, control LAN access, and apply traffic policy,
based on user or endpoint identity. This feature supports both the EAP-MD5 and EAP-TLS
protocols.
If 802.1x on the phone is enabled, a "802.1x Authenticating..." message displays during startup
of the phone.
If the 802.1x failed to authenticate with the server, the phone continues its normal startup
process using DHCP. However, the network port on the phone may or may not be disabled,
depending on the switch configuration.
CERTIFICATES AND PRIVATE KEY INFORMATION
• If the certificates and private key are NOT stored in the phone, 802.1x authentication is
disabled.
• If the certificates and private key ARE stored in the phone, the phone uses them during the
authentication process
• If the phone uses EAP-TLS for successful authentication, the phone downloads the latest
certificates and private key files, and then reboots.
Certificates, the Local Certificate, the Private Key, and the Trusted Certificates
in order for the phone to receive calls.
contains the trusted certificate list). All other certificates and the Private Key are
optional.
contact Mitel Technical Support.
Advanced Operational Features
6-23