Chapter 25: Certificate-based authentication
Certificate-based authentication overview
Certificate-based authentication allows the administrator to ensure that the IP Deskphone is
authorized to access the enterprise LAN environment. Certificate-based authentication supports
three types of Extensible Authentication Protocols (EAP):
• EAP-MD5—User ID/password-based authentication
• EAP-PEAP—certificate-based authentication
• EAP-TLS—certificate-based authentication
Trusted root certificates and device certificates must be installed before using EAP-TLS, EAP-PEAP
or HTTPS.
Certificate-based authentication supports two types of device certificates: one is used by EAP-TLS,
and the other is used by SIP-TLS, but the administrator can also have a third device certificate for
HTTPS. The user must connect to a Certificate Authority (CA) to retrieve or sign certificates. A CA is
a trusted third party; components of a system agree to trust the CA to verify the necessary
information.
When the CA validates the user information, it issues the user a certificate that contains a variety of
data, including:
• the identity of the issuing CA
• how much the CA trusts the user
• an expiry date for the certificate
Other components of the system can read the user's certificate to determine if the certificate, and
the identity it represents, are valid.
The administrator can install and manage the certificates on the IP Deskphone. The certificates
authenticate the IP Deskphone to an authentication server before the IP Deskphone can access the
enterprise network.
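The following added example (not part of the Avaya documentation) shows one way to check, before installation, that a device certificate chains to the trusted root certificate and is not close to its expiry date. It assumes the `openssl` command-line tool on the administrator's workstation; the function names, file names and the lab CA it generates are constructed for illustration.

```shell
#!/bin/sh
# Pre-install check for a device certificate: does it chain to the trusted
# root, and is it valid for at least MIN_DAYS more days?
# Usage: check_device_cert ROOT_PEM DEVICE_PEM [MIN_DAYS]
check_device_cert() {
    root=$1; dev=$2; min_days=${3:-30}
    # 1. The signature chain must end at the trusted root certificate.
    openssl verify -CAfile "$root" "$dev" >/dev/null 2>&1 \
        || { echo "untrusted"; return 1; }
    # 2. The certificate must not expire within the next MIN_DAYS days.
    openssl x509 -in "$dev" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 \
        || { echo "expiring"; return 2; }
    echo "ok"
}

# Constructed lab PKI (hypothetical names): one root CA and one device
# certificate signed by it, with the given lifetime in days.
make_lab_pki() {
    dir=$1; days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Lab Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=deskphone-lab-01" \
        -keyout "$dir/dev.key" -out "$dir/dev.csr" 2>/dev/null
    openssl x509 -req -in "$dir/dev.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days "$days" -out "$dir/dev.pem" 2>/dev/null
}

# Demo on the constructed PKI: a device certificate valid for 365 days.
tmp=$(mktemp -d)
make_lab_pki "$tmp" 365
check_device_cert "$tmp/root.pem" "$tmp/dev.pem" 30
rm -rf "$tmp"
```

The function returns 1 when the certificate does not chain to the supplied root and 2 when it expires inside the window, so it can gate a provisioning script.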
Certificate-based authentication includes the following features:
• EAP Authentication
March 2015
SIP Software for Avaya 1200 Series IP Deskphones-Administration