Manualshelf

User's Manual

ManualsBrandsAvaya ManualsIP phonesSIP Software 3.1 for 1100 Series
251252253254255256257258259260
mark events, such as Certificate Addition and Deletion. The administrator is to view security
and error logs from the user interface, as well.
The administrator is able to define the Security policy on the IP Deskphone using the Security
Policy file. The Security Policy file contains a set of rules that dictates certificate-based
authentication on the IP Deskphone, such as the size of the public and private keys used on
the certificates.
After the certificates are installed, they can be used by SIP, HTTP, and EAP applications
running on the IP Deskphone to provide secure connections with the corresponding servers,
which results in SIP-TLS, HTTP, and EAP-TLS connections.
EAP authentication methods are used to allow the administrator to ensure that individual
devices are authorized to access the enterprise LAN environment. The following EAP methods
are supported on the device.
• EAP-MD5—User ID/password-based authentication
• EAP-PEAP—certificate-based authentication
• EAP-TLS—certificate-based authentication
EAP-PEAP and EAP-TLS use certificates to authenticate a device on the network. EAP-PEAP
requires a trusted anchor certificate to be installed on the IP Deskphone. EAP-TLS requires a
trusted anchor certificate and a device certificate to be installed on the IP Deskphone.
HTTPS is used to securely download provisioning files from a provisioning server. These files
include configuration files, such as 11xxeSIP.cfg, and also other configuration and resource
files specified by 11xxeSIP.cfg.
In order for the IP Deskphone to perform certificate-based authentication, the following
components must be installed on the IP Deskphone:
• Trusted root certificates
• Device certificate
• CTL
• Security policy
Trusted Root certificate
The customer root certificate is a self-signed certificate (a self-issued certificate where the
subject and issue fields contain identical DNs, and are not empty. The customer root certificate
Certificate-based authentication
252 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012
Comments? infodev@avaya.com