Certificate Management - Avaya 9601 Administering

9600 series

Hide thumbs Also See for 9601:

Instructions manual (94 pages)

User manual (92 pages)

Installing and maintaining (90 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

page of 143

/ 143
Contents
Table of Contents
Bookmarks

Table of Contents

Security

equivalent parameters in Communication Manager or System Manager. You must configure the

following three parameters on the deskphones and the equivalent Communication Manager

parameters must match one of the parameters:

• SET ENFORCE_SIPS_URI 1

• SET SDPCAPNEG 1

• SET MEDIAENCRYPTION X,9

• SET MEDIAENCRYPTION X where X is a value from 1 to 8

Certificate management

The applications running in the 9600 Series IP Deskphones setup rely on trusted certificates for

secure operation. The trusted certificate repository can be configured through a parameter, which is

used by various applications in the following manner:

• SIP/TLS: Uses the trusted certificates if the certificates are configured, else uses the default

Avaya SIP Product CA and Avaya Product Root CA certificate.

• PPM/HTTPS/TLS: Uses the trusted certificates if the certificates are configured, else uses the

default Avaya SIP Product CA and Avaya Product Root CA certificate.

• Software distribution package and settings file: Uses the trusted certificates if the certificates

are configured, else uses the Avaya Product Root CA certificate. The identity certificate

generated using SCEP is used if the deskphone identity certificate is requested by the file

server for mutual authentication.

• Ethernet 802.1x EAP-TLS: Uses the trusted certificates. The identity certificate generated using

SCEP is used as it is required for authentication.

Enterprises can set up their own certificate authority (CA) and replace the default Avaya root

certificates with their trusted certificates. The certificates issued by CA must be configured in the

settings file when the 9600 Series IP Deskphones is registered with the enterprise. In addition to

root certificates, high-security enterprises install a unique identity certificate on each 9600 Series IP

Deskphones. Identity certificates are required if the communication setup is using EAP-TLS, or any

other server that requires mutual authentication.

The 9600 Series IP Deskphones support the Simple Certificate Enrollment Protocol (SCEP) to

retrieve and load the identity certificates. You can configure SCEP settings in the settings file. If the

device is preconfigured, you must return to factory defaults before performing the security

configurations.

Note:

The deskphone can only use certificates in PEM format. The MIME type associated with the file-

extension of the certificate file that is returned by the HTTP server must be plain/text.

Administering Avaya 9601/9608/9611G/9621G/9641G/9641GS IP Deskphones SIP

Comments on this document? infodev@avaya.com

August 2015

Table of Contents

This manual is also suitable for:

9611g 9621g 9641g 9641gs 9608

Certificate Management - Avaya 9601 Administering

Certificate management

Related Manuals for Avaya 9601

Related Content for Avaya 9601

This manual is also suitable for:

Table of Contents