User's Manual
must be installed on the IP Deskphone and stored in the IP Deskphone trusted store for the
following reasons:
• to verify the identity of the servers with which the IP Deskphone attempts to establish
secure connections, such as TLS and HTTPS connections
• to authenticate the signatures on software and configuration files that are downloaded
onto the IP Deskphone.
Trusted root certificate installation
You can install one or more customer root certificates on the IP Deskphone by using the
configuration file 11xxeSIP.cfg.
• The [USER_KEYS] section is added to the configuration file 11xxeSIP.cfg to download a
customer root certificate from a provisioning server. For example:
[USER_KEYS]
DOWNLOAD_MODE AUTO
PROTOCOL HTTPS
FILENAME custroot.pem
The PROTOCOL attribute of the [USER_KEYS] section can be set to any of the protocols
that the IP Deskphone supports, such as HTTP, TFTP, HTTPS, and FTP.
The FILENAME attribute of the [USER_KEYS] section points to the file name of a
customer root certificate in Privacy Enhanced Mail (PEM) format.
• After the configuration file is downloaded and parsed by the IP Deskphone, the
[USER_KEYS] section is processed and the root certificate is downloaded to the IP
Deskphone.
• After the certificate file is downloaded, you must authenticate the contents of the certificate
file before installing it on the IP Deskphone. There are two possible situations:
- If there are no existing customer root certificates on the IP Deskphone, a fingerprint
(SHA1 hash) for the file is computed. Depending on the value that is configured in
the Security Policy parameter, CUST_CERT_ACCEPT, the user can either be
prompted to accept this fingerprint (CUST_CERT_ACCEPT = VAL_MANUAL_A) or
prompted to enter the fingerprint for verification (CUST_CERT_ACCEPT =
VAL_MANUAL_B).
- If there are one or more customer root certificates on the IP Deskphone, the certificate
file must be digitally signed with a signing certificate. In this case, there is no
interaction with the user. The signature is internally verified and the signing certificate
is verified to be issued by a customer root certificate that is already installed on the
IP Deskphone.
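The first-install case above depends on someone comparing the SHA1 fingerprint against a trusted reference. The following is an added example, not part of the Avaya manual or the phone software, for computing that reference on the provisioning host. The manual does not say whether the phone hashes the raw file or the decoded certificate, so the example computes both; all function names are hypothetical and the sample PEM is constructed.

```python
import base64
import hashlib
import hmac
import re
import sys

# Constructed sample: the payload is the bytes b"abc", not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _fmt(digest):
    """Render a digest as colon-separated upper-case hex."""
    return ":".join(f"{b:02X}" for b in digest)

def file_fingerprint(pem_bytes):
    """SHA-1 over the file exactly as served (line endings included)."""
    return _fmt(hashlib.sha1(pem_bytes).digest())

def cert_fingerprints(pem_bytes):
    """SHA-1 over the decoded (DER) body of each certificate block."""
    prints = []
    for block in PEM_BLOCK.finditer(pem_bytes):
        der = base64.b64decode(b"".join(block.group(1).split()), validate=True)
        prints.append(_fmt(hashlib.sha1(der).digest()))
    return prints

def normalize(fingerprint):
    """Drop separators and case; reject anything that is not 160 bits of hex."""
    hexonly = re.sub(r"[\s:-]", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", hexonly):
        raise ValueError("not a SHA-1 fingerprint: %r" % fingerprint)
    return hexonly

def matches(shown_on_phone, reference):
    """True only when both fingerprints are well-formed and identical."""
    return hmac.compare_digest(normalize(shown_on_phone), normalize(reference))

if __name__ == "__main__":
    # Pass the path of custroot.pem; without an argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PEM
    print("file:", file_fingerprint(data))
    for i, fp in enumerate(cert_fingerprints(data), 1):
        print("cert %d: %s" % (i, fp))
```

When PROTOCOL is HTTP, TFTP, or FTP the download itself has no integrity protection, so this comparison is the only check on the first customer root certificate. Take the reference value from the certificate's issuer over a separate channel, not from the same provisioning server.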
Trusted Root certificate
SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012 253