Avaya J169 Installing And Administering page 135

H.323

Hide thumbs Also See for J169:

Manual (170 pages)

Instructions for use manual (127 pages)

User manual (126 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

Table of Contents

Enabling certificate support

You can use Simple Certificate Enrollment Protocol (SCEP) to provide an identity certificate for

use with certificate-based VPN authentication methods. The 802.1x EAP-TLS method also uses

the identity certificate for authentication. When you use TLS with HTTPS, you can use the identity

certificate to authenticate the phone and save the agent greetings or perform a backup or restore.

The phone stores the identity certificate and the phone uses the identity certificate during the TLS

handshake as required when the phone is acting as a server. When the phone is acting as a

client, the phone transmits the identity certificate on request. The IP Deskphones support Media

Encryption (SRTP) and use built-in Avaya certificates for trust management. Trust management

includes downloading certificates and managing policies for additional trusted Certificate

Authorities (CA). Simple Certificate Enrollment Protocol (SCEP) handles identity management with

phone certificates and private keys. You can apply SCEP to your VPN operation or to standard

enterprise network operation. Alternatively, you can download the PKCS #12 file that contains an

identity certificate and its private key. You must enter the authentication password after reboot.

Before you begin

For SCEP servers that are outside the corporate firewall, configure the phones that use a VPN

connection to establish an SCEP connection through an HTTP proxy server to reach the SCEP

server. In this instance, use the WMLPROXY system parameter to configure the HTTP proxy

server.

When the phone initiates SCEP, the phone attempts to contact an SCEP server through HTTP,

using the value of the configuration parameter MYCERTURL as the URI. SCEP supports an HTTP

proxy server. The phone creates a private/public key pair, where the length of each key is equal to

the value of the configuration parameter MYCERTKEYLEN. The certificate request uses the public

key and the values of the configuration parameters MYCERTCAID, MYCERTCN, MYCERTDN,

and SCEPPASSWORD.

About this task

You must configure the 46xxsettings.txt file on the file server with the specified parameters to use

an identity certificate to authenticate the phones.

Procedure

Configure the following parameters in the 46xxsettings.txt file:

• SET MYCERTURL < URL for enrolling with a SCEP fronted Certificate Authority> for example,

http://149.49.44.53/certsrv/mscep/mscep.dll.

• SET MYCERTCN $MACADDR.

• SET MYCERTWAIT 1.

• SET TRUSTCERTS "root_ certificate".

Hide quick links:

Table of Contents

Troubleshooting

This manual is also suitable for:

J179

Avaya J169 Installing And Administering page 135

Hide quick links:

Troubleshooting

Related Manuals for Avaya J169

Related Products for Avaya J169

This manual is also suitable for:

Table of Contents