Certificate Management; Secure Installation Configuration - Avaya H100-Series Installing And Maintaining

Video collaboration stations

Certificate management

The applications running in the Collaboration Station setup rely on trusted certificates for secure
operation. The trusted certificate repository can be configured through a parameter, which is used
by various applications in the following manner:
• SIP/TLS: Uses the trusted certificates if the certificates are configured, else uses the default
Avaya SIP Product CA certificate. The identity certificate generated using SCEP is used if the
deskphone identity certificate is requested by Avaya Aura® Session Manager for mutual
authentication or when the CONNECTION_REUSE parameter is set to 0 and the deskphone
listens to inbound connections from Avaya Aura® Session Manager.
• PPM/HTTPS/TLS: Uses the trusted certificates if the certificates are configured, else uses the
default Avaya SIP Product CA certificate. The identity certificate generated using SCEP is used
if the deskphone identity certificate is requested by PPM for mutual authentication.
• Software distribution package and settings file downloaded from the HTTPS server: Uses the
trusted certificates if the certificates are configured, else uses the Avaya Product Root CA
certificate. The identity certificate generated using SCEP is used if the deskphone identity
certificate is requested by the file server for mutual authentication.
• Ethernet 802.1x EAP-TLS: Uses the trusted certificates. The identity certificate generated using
SCEP is used as it is required for authentication.
• Wi-Fi 802.1x EAP-TLS: Uses the trusted certificates. EAP-PEAP and EAP-TTLS might also
use the trusted certificates, but for EAP-TLS the identity certificate generated using SCEP shall
be used as it is required for authentication.
• Exchange using HTTPS: Uses the trusted certificates and the built-in Android well-known root CAs.
• Browser using HTTPS: Uses the trusted certificates and the built-in Android well-known root
CAs.
Enterprises can set up their own certificate authority (CA) by replacing the default Avaya root
certificates and Avaya Product Root CA certificates with their trusted certificates. The certificates
issued by the CA must be configured in the settings file when the Collaboration Station is registered with
the enterprise. In addition to root certificates, high-security enterprises install a unique identity
certificate on each Collaboration Station. Identity certificates are required if the communication setup
is using EAP-TLS, or any other server that requires mutual authentication.
The Collaboration Station supports the Simple Certificate Enrollment Protocol (SCEP) to retrieve and
load the identity certificates. You can configure SCEP settings in the settings file. If the device is
preconfigured, you must return to factory defaults before performing the security configurations.

Secure installation configuration

For secure installation, configure the following parameters.
April 2016
Installing and Maintaining Avaya H100-Series Video Collaboration Stations
Comments on this document? infodev@avaya.com
