Trusted Certificates - Avaya J100 Series Installing And Administering

Third-party call control setup

Hide thumbs Also See for J100 Series:

Installing and administering (528 pages)

Installing (282 pages)

User manual (188 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

page of 191

/ 191
Contents
Table of Contents
Bookmarks

Table of Contents

Security configurations

• Basic Contraints

• Subject Alternative Name

• Key Usage Extensions

• Extended Key Usage

To validate the identity of a received certificate, the following process is followed:

• Verification of certificate chain up to the trusted entity.

• Verification of the signature.

• Verification of the revocation status through OCSP.

• Verification of the certification validity (not-before and not-after dates are checked).

• Verification of the certificate usage restrictions.

• Verification of the identity against the certificate.

Subject Alternative Field (SAN)

While validating the certificates, the phone verifies whether the presented certificate has a SAN

field or not. The SAN field simplifies the server configuration. With the SAN field, you can specify

additional host names, such as IP addresses or common names, to use a single SSL Certificate.

• If the certificate does not have the SAN field, the phone validates the Common Name (CN)

fields of the certificate. In this case, you need the following CN fields:

- SIP domain name

- IP address

• If the certificate has the SAN field, the following attributes for an HTTP-TLS connection are

present:

- Provisioning phone with only an IP address

• In the SAN field, IP attribute with IP of HTTPS server is present.

- Provisioning phone with FQDN of HTTPS server

• In the SAN field, IP attribute with the IP address of HTTPS server is present.

• DNS attribute with FQDN of HTTPS server.

Note:

While provisioning the phone with the FQDN of HTTPS server, you need two attributes in the

SAN field:

• DNS attribute with FQDN

• IP attribute IP address