User's Manual

• PROFILE attribute must be 1. The certificate profile index identifies the file
name where the profile is stored in the IP Deskphone memory (SFS), and
identifies the device certificate profile.
• PURPOSE attribute is a bit mask that lets a device certificate be used for
multiple purposes. PURPOSE must be -1 as the same device certificate is
used for all purposes (HTTPS, SIP-TLS, EAP-TLS).
• VERSION attribute determines if the file should be downloaded by comparing
this VERSION with the VERSION stored in the corresponding device
certificate profile.
2. The IP Deskphone checks the version in the [DEV_CERT] section against the
version stored in the specified PROFILE. If the version in the specified profile is
missing or is older, the device certificate file is downloaded.
3. After the PKCS#12 device certificate file is downloaded, the IP Deskphone prompts
the administrator to enter the PKCS#12 protected password.
Note:
The password can be empty, but the use of an empty password is not recommended
except under very controlled conditions.
4. Enter the PKCS#12 protected password.
5. The IP Deskphone validates the device certificate to ensure the following:
• the correct password is entered
• key size is greater than or equal to the value specified in the Security Policy File
• key algorithm is RSA
• the certificate is not revoked
• the certificate is not expired
6. If the device certificate is validated correctly, the IP Deskphone stores the device
certificate and the private key in the IP Deskphone memory (SFS) in the device
certificate profile specified in the [DEV_CERT] section.
The version specified in the [DEV_CERT] section is stored in the profile for future
reference when determining if a new device certificate is available for download.
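The checks in step 5 can be run against a PKCS#12 file before it is placed on the provisioning server. The following is an added example, not Avaya code and not the IP Deskphone's implementation. It assumes the Python cryptography package, a minimum key size passed in by the caller (standing in for the Security Policy File value), and a caller-supplied set of revoked serial numbers, since this page does not say how the phone checks revocation. The function names and the sample certificate are constructed for illustration.

```python
# Added example: pre-flight check of a PKCS#12 device certificate (not Avaya code).
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

def check_device_p12(data, password, min_key_bits, revoked_serials=(), now=None):
    """Return a list of failed checks; an empty list means all checks pass."""
    now = now or datetime.now(timezone.utc)
    try:
        key, cert, _extra = pkcs12.load_key_and_certificates(data, password)
    except ValueError:
        return ["password"]  # wrong password or unreadable PKCS#12 data
    if key is None or cert is None:
        return ["missing key or certificate"]
    failures = []
    if not isinstance(key, rsa.RSAPrivateKey):
        failures.append("key algorithm")
    elif key.key_size < min_key_bits:
        failures.append("key size")
    if cert.serial_number in revoked_serials:  # assumed revocation source
        failures.append("revoked")
    # not_valid_after_utc exists in cryptography >= 42; fall back for older releases.
    not_after = getattr(cert, "not_valid_after_utc", None) or \
        cert.not_valid_after.replace(tzinfo=timezone.utc)
    if now > not_after:
        failures.append("expired")
    return failures

def make_sample_p12(password, bits=2048, days=30):
    """Constructed sample: self-signed RSA certificate wrapped in PKCS#12."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "deskphone.example")])
    start = datetime.now(timezone.utc) - timedelta(days=1)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(start + timedelta(days=days))
            .sign(key, hashes.SHA256()))
    blob = pkcs12.serialize_key_and_certificates(
        b"device", key, cert, None, serialization.BestAvailableEncryption(password))
    return blob, cert.serial_number

if __name__ == "__main__":
    blob, serial = make_sample_p12(b"constructed-pass")
    print(check_device_p12(blob, b"constructed-pass", min_key_bits=2048))
```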
Certificate Trust List
The IP Deskphone uses the Certificate Trust List (CTL) method to verify network
elements such as proxy servers and provisioning servers. For the IP Deskphone to trust any
network element, the certificate of the IP Deskphone must be added to the CTL.
The CTL is a collection of certificates bundled together into a file and downloaded into the IP
Deskphone. The file is signed and all of the certificates in the bundle are inherently trusted by
the IP Deskphone (after the file signature is verified).
Certificate-based authentication
256 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012