• PKCS#12 file format is supported for installation.
To check the number of days remaining for Identity certificate expiry, use the parameter
CERT_WARNING_DAYS. The user is notified through a log message if the log level is maintained
as WARNING with the category CERTMGMT. The logs are maintained and displayed if SYSLOG
is enabled.
MIB object tables and IDs are created for certificates installed on the phone. You can view the
certificate attributes through an SNMP MIB browser.
To implement DES, the phone has 64 Public CA certificates built in. For a list of the certificates,
see
Public CA Certificates
Phone identity certificates
Identity certificates are used to establish the identity of a client or server during a TLS session.
Phones support the installation of an identity certificate using one of the following methods:
• Secure Certificate Enrollment Protocol (SCEP) by using the 46xxsettings.txt file
parameter MYCERTURL.
SET MYCERTURL "http://192.168.0.1/ejbca/publicweb/apply/scep/pkiclient.exe"
• PKCS12 File by using the 46xxsettings.txt file parameter PKCS12URL
SET PKCS12URL http://192.168.0.1/client_$MACADDR_cert.p12
Note:
If both MYCERTURL and PKCS12URL are provided in the 46xxsettings.txt file, then
PKCS12URL takes precedence over MYCERTURL.
The attributes of an identity certificate can be viewed by using a MIB browser. The following MIB
OIDs can be used for this query:
Attribute Name
Serial Number
Subject
Issuer
Validity
Thumbprint
Subject Alt Name
Key Usage Extension
Extended Key Usage
Basic Constraints
Server certificate validation
A server always provides a server certificate when the phone initiates a SIP-TLS, EAP-TLS or
HTTPS connection.
July 2019
on page 342.
MIB OID
endptIdentityCertSN
endptIdentityCertSubjectName
endptIdentityCertIssuerName
endptIdentityCertValidityPeriod
endptIdentityCertFingerprint
endptIdentityCertSubjectAlternativeName
endptIdentityCertKeyUsageExtensions
endptIdentityCertExtendedKeyUsage
endptIdentityCertBasicContraints
Installing and Administering Avaya J100 Series IP Phones
Comments on this document? infodev@avaya.com
Certificate management
191