Trusted Certificates; Ocsp Trust Certificates - Avaya J100 Series Installing And Administering
Hide thumbs
Also See for J100 Series:
- Installing and administering (528 pages) ,
- Installing (282 pages) ,
- User manual (188 pages)
Table of Contents
Advertisement
2. Full content of one field in the CN
The phone checks for a FQDN server identity match with the following in the specified order until a
match is found:
1. Field of type DNSName in the SAN extension. An exact match of the full string is required.
For example, host.subdomain.domain.com does not match subdomain.domain.com.
2. Full content of one field in the CN using the same rules as DNSName in SAN.
Note:
Identities containing a wildcard are not supported and do not match. For example,
*.domain.com in the certificate will not match a connection to hostname.domain.com.
In addition, all SIP-TLS connections also verify that the SIP domain configured on the phone is
present in the SIP server certificate as per RFC 5922.
The phone checks for a SIP domain match with the following in the specified order until a match is
found:
1. Field of type URI in the SAN extension.
2. Field of type DNSName in the SAN extension and there is no URI field in the list of SAN
extensions.
3. Full content of one field in the CN and there is no URI field in the list of SAN extensions.
Note:
Only full matches are allowed. For example, a configured SIP domain of sipdomain.com will
not match a SAN DNSName containing proxy1.sipdomain.com.
Trusted certificates
Trusted certificates are root certificates of the certificate authority that issued the server or client
identity certificates in use. These certificates are installed on the phones through the HTTP server
and are used to validate server certificates during a TLS session.
System Manager includes EJBCA, an open source PKI Certificate Authority, that can be used to
issue and manage client and server certificates.
OCSP trust certificates
Online Certificate Status Protocol (OCSP) is used to check the certificate revocation status of an
x509 certificate in use. The phone trusts the OCSP server and installs its CA certificates. These
certificates are called OCSP Trust Certificates.
OCSP Trust Certificates are installed in the same way as those for System Manager. However,
OCSP Trust Certificates use a different parameter name called OCSP_TRUSTCERTS. This
parameter follows the same format as that for TRUSTCERTS.
July 2019
Installing and Administering Avaya J100 Series IP Phones
Comments on this document? infodev@avaya.com
Certificate management
193
- Quick Links:
- Button Modules
Hide quick links:
Advertisement
Table of Contents
