Scep Support - Konftel 800 Installation & Administration

Hide thumbs Also See for 800:

Installation & administration (158 pages)

User manual (60 pages)

Manual (57 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

page of 200

/ 200
Contents
Table of Contents
Bookmarks

Table of Contents

SECURITY AND PROTECTION

The conference phone supports the same mandatory crypto

AES_256_CM_HMAC_SHA1_80 when

are disabled.

When the administrator disables

, Konftel 800 supports AES_CM_128_HMAC_SHA1_80 for media

Encryption

encryption with SRTP.

SCEP SUPPORT

Konftel 800 supports Simple Certificate Enrollment Protocol (SCEP) required for

managing digital certificate obtainment. SCEP is used to contact a SCEP server to

get an Identity certificate. The device uses this certificate for all TLS connections

if they do not have manually configured certificates (SIP TLS, 802.1x EAP-TLS,

Provisioning via TLS, LDAP). You can also obtain a CA certificate if the SCEP

server has corresponding configurations.

SCEP enrollment

You can configure SCEP through the web interface and importing the

configuration file with the specific SCEP settings. After Konftel 800 reboots, it

attempts to connect the specified SCEP server. If the server is reachable, it

provides the certificates with the settings matching the server configuration. If

the received certificate is valid and the SCEP enrollment is successful, the phone

saves the configuration and reboots.

When the device requests an SCEP server to get or renew a certificate, the

request must be approved. The following types of request approval are available:

•

Manual approval. The SCEP server receives your request, and then the SCEP

server administrator must approve it. The next request of the device results in

the certificate provision.

•

Automatic approval. The SCEP server checks your request for validity, then

if the parameters are accurate, approves the request and sends you the

certificate.

The enrollment fails if the settings configuration on the phone and the server do

not match. Here, Konftel 800 triggers the next enrollment in 24 hours.

If you upload a certificate to the phone through the web interface or using

automatic provisioning only for one connection, for example, for the LDAP

connection, that connection continues to use the configured certificate. Other

connections use the SCEP Identity certificate received from the SCEP server.

and

FIPS Mode

and enables

FIPS Mode

156

Allow Legacy Encryption

Allow Legacy

Table of Contents

Scep Support - Konftel 800 Installation & Administration

SCEP SUPPORT

Related Manuals for Konftel 800

Related Content for Konftel 800

Table of Contents