March 2015 Sip Software For Avaya 1200 Series Ip Deskphones-Administration - Avaya 1230 Administration
1200 series software
Hide thumbs
Also See for 1230:
- User manual (315 pages) ,
- Software user's manual (246 pages) ,
- Quick reference manual (4 pages)
Table of Contents
Advertisement
Root certificate installation
The customer root certificate is a self-signed certificate (a self-issued certificate where the subject
and issue fields contain identical DNs, and are not empty). The customer root certificate must be
installed on the IP Deskphone and stored in the IP Deskphone trusted store for the following
reasons:
• to verify the identity of the various servers that the IP Deskphone may attempt to establish
secure connections with (such as TLS and HTTPS)
• to authenticate the signatures on software and configuration files that you download onto the IP
Deskphone.
You can install a customer root certificate by using Simple Certificate Enrollment Protocol (SCEP) or
by using the configuration file (for example 12xxSIP.cfg.).
If you use SCEP, you must first configure the URL of the CA SCEP server and the domain name,
and then you can connect to the CA and download a CA root certificate to the IP Deskphone.
• The IP Deskphone sends the GetCACert request to the SCEP-enabled interface for a CA
server.
• The IP Deskphone waits for a response. If an error is received (such as timeout or server
unreachable), the registration process ends.
• The IP Deskphone accepts the reply which contains the CA root certificate. The reply may also
include one or two Registration Authority (RA) certificates which are stored temporarily for use
during the request for a device certificate.
• If the CA root certificate is not already on the IP Deskphone, the fingerprint is computed and
displayed. The computed fingerprint is the thumbprint of the certificate (the SHA1 hash of the
public key of the certificate).
• You must Accept or Reject the fingerprint.
• If the CA root certificate is rejected, the registration process ends.
• If the CA root certificate is already in the trusted store, no prompt appears.
• If the fingerprint is accepted, the CA root certificate is added to the trusted store on the
IP Deskphone.
If you use the configuration file (for example, 11xxe.cfg), you can download one or more CA root
certificates to the IP Deskphone.
• The [USER_KEYS] section is added to the configuration file (for example 12xxSIP.cfg), where
the FILENAME attribute points to the file name of a customer root certificate in Privacy
Enhanced Mail (PEM) format. The PROTOCOL attribute of the [USER_KEYS] section can be
assigned to one of the IP Deskphone supported protocols, such as HTTP, TFTP, HTTPS and
FTP.
• After the configuration file is downloaded and parsed by the IP Deskphone, the [USER_KEYS]
section is processed and the root certificate is downloaded to the IP Deskphone.
• After the certificate file is downloaded, you must authenticate the contents of the certificate file
before installing it on the IP Deskphone. There are two possible situations.
- If there are no existing customer root certificates on the IP Deskphone, a fingerprint for the
file is computed. Depending on the value that is configured in the Security Policy parameter,
March 2015
SIP Software for Avaya 1200 Series IP Deskphones-Administration
Comments? infodev@avaya.com
Root certificate installation
245
Advertisement
Table of Contents
