Phone Identity Certificates - Avaya 9600 Series Installing And Administering

Phone identity certificates

Identity certificates are used to establish the identity of a client or server during a TLS session.
Phones support the installation of an identity certificate using one of the following methods:
• Secure Certificate Enrollment Protocol (SCEP) by using the 46xxsettings.txt file
parameter MYCERTURL.
SET MYCERTURL "http://192.168.0.1/ejbca/publicweb/apply/scep/pkiclient.exe"
• PKCS12 File by using the 46xxsettings.txt file parameter PKCS12URL
SET PKCS12URL http://192.168.0.1/client_$MACADDR_cert.p12
Note:
If both MYCERTURL and PKCS12URL are provided in the 46xxsettings.txt file, then
PKCS12URL takes precedence over MYCERTURL.
The attributes of an identity certificate can be viewed by using a MIB browser. The following MIB
OIDs can be used for this query:
Attribute Name
Serial Number
Subject
Issuer
Validity
Thumbprint
Subject Alt Name
Key Usage Extension
Extended Key Usage
Basic Constraints
Server certificate validation
A server always provides a server certificate when the phone initiates a SIP-TLS, EAP-TLS or
HTTPS connection.
To validate the identity of a received server certificate, the phone verifies the following:
• The certificate chain up to the trusted certificate authority in TRUSRCERTS
• The Signature
• The Revocation status through OCSP if OCSP_ENABLED is set to 1
• Certificate validity based on the current date and not-before and not-after attributes of the
certificate.
• Certificate usage restrictions.
January 2020 Installing and Administering Avaya 9601/9608/9611G/9621G/9641G/9641GS IP
MIB OID
endptIdentityCertSN
endptIdentityCertSubjectName
endptIdentityCertIssuerName
endptIdentityCertValidityPeriod
endptIdentityCertFingerprint
endptIdentityCertSubjectAlternativeName
endptIdentityCertKeyUsageExtensions
endptIdentityCertExtendedKeyUsage
endptIdentityCertBasicContraints
Deskphones SIP
Comments on this document? infodev@avaya.com
Certificate management
47