Snom ONE IP Technical Manual page 90

Deploying the snom ONE IP Telephone System
When using certificates on snom ONE, you can choose from the following four types:

1. Domain certificate chain + private key: While "Server certificate chain + private key" is the default for the whole server (see below), the PBX can also present domain-specific certificates that require that the client, at the beginning of the session setup, tell the server which domains it wants to connect to. With this type of certificate, the domain name must be in the certificate, as the PBX uses it during the import process.

2. Server certificate chain + private key: The PBX also needs to present a certificate when it is being connected to. In this case, it must also have a private key associated with it. The certificate portion may actually consist of a certificate path so that the caller can verify where it comes from.

3. Trusted Root CA for server authentication: This certificate is used by the snom ONE built-in web client when assessing whether or not it can trust the server it is connecting to.

4. Trusted Root CA for client authentication: This certificate is used for client certificate authentication and is needed essentially when a phone requests provisioning. This way, the PBX can be sure that an actual phone is downloading the configuration and not a hacker using a web browser.
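
Added example (not from the snom manual): a pre-import check for certificate types 1 and 2 above, using the OpenSSL command line to confirm that the leaf certificate covers the PBX domain and that the private key belongs to it. The domain names, file names and function names are assumptions, the sample certificate is constructed, and the manual does not say how the PBX itself reads the name from the certificate.

```shell
#!/bin/sh
# Added example, not snom code: pre-import checks for a
# "certificate chain + private key" pair.
# Assumption: the PEM file lists the server (leaf) certificate first,
# which is the only certificate "openssl x509" reads from a chain file.

# Succeeds if the leaf certificate in file $1 is valid for host name $2.
cert_covers_domain() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds if the private key in file $2 belongs to the certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample: throwaway self-signed certificate and key for the
# hypothetical domain $2, written to directory $1 (needs OpenSSL 1.1.1+).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Prints a verdict for certificate $1, key $2 and intended PBX domain $3.
check_pair() {
    cert_covers_domain "$1" "$3" ||
        { echo "FAIL: $3 not in certificate"; return 1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; return 1; }
    echo "OK: $3"
}

tmp=$(mktemp -d)
make_sample "$tmp" pbx.example.com
check_pair "$tmp/cert.pem" "$tmp/key.pem" pbx.example.com            # matching domain
check_pair "$tmp/cert.pem" "$tmp/key.pem" sales.example.com || true  # wrong domain
rm -rf "$tmp"
```
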
Getting a Valid Certificate
Buying a Certificate
When you buy a certificate, it must be known that you are really the one who is operating a server. Although the mechanisms for this process differ, all services require that you pay for the service and that your web browser is already set up to trust the certificate authority. This mechanism is suitable if you are operating a public service where it is not an option to load root certificates on many clients. You usually also need to specify which IP addresses are using this certificate for the service.
Making Your Own Certificate
You also have the option to generate your own certificates if you have control over the
clients. For example, you can join the community at http://cacert.org and generate
