User's Manual

The use of the CTL is optional. If the CTL is not installed on the IP Deskphone, the
authentication of the network element reverts to the default, which is to authenticate the
certificate chain to a root certificate trusted by the IP Deskphone.

Validating a certificate using the Certificate Trust List

The high-level sequence of procedures for validating a certificate using the Certificate Trust
List is as follows:
1. Create the CTL file including start date, expire date, and a list of certificates
   concatenated together in PEM format so that the entire file can be signed by a
   trusted entity. A signed CTL file consists of the following:
   • Validity fields
     NOT_VALID_BEFORE: 23/11/2007 11:12:13
     NOT_VALID_AFTER: 25/10/2011: 22:23:24
   • Original unsigned file content
   • Digital signature
   The parts are appended together with the Validity periods first, followed by the
   certificates, and then by the digital signature. The signature must be in the form of
   a PKCS7 detached signature of the file in PEM format. A detached signature is a
   signature that does not embed the content that is signed.
   The IP Deskphone does not accept unsigned CTL files. After a CTL file is accepted,
   the included certificates are added to the trusted certificate store of the IP
   Deskphone.
   Important:
   Do not insert additional characters between the Certificate and the Digital Signature.
   Otherwise, the validation fails. Do not change any information from the original file
   content that was used to create the signature. Otherwise the signature becomes
   invalid and you must create a new signature.
2. The CTL is provisioned to the IP Deskphone in a secure way. Avaya recommends
   that you use HTTPS as the secure method to download the CTL file to the IP
   Deskphone.
3. The IP Deskphone checks the validity periods as follows:
   • Not Valid Before – the CTL file is not used before the validity date.
   • Not Valid After – the IP Deskphone checks this when:
     - the CTL file is downloaded
     - every 24 hours
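The layout and validity rules in steps 1 and 3 can be checked before a CTL file is provisioned. The following pre-provisioning lint is an added example, not Avaya code: it checks part order, the "no additional characters" rule, and the validity window, but does not verify the PKCS7 signature itself. The function name, the DD/MM/YYYY HH:MM:SS timestamp format, and the "PKCS7" PEM label are assumptions.

```python
import re
from datetime import datetime

# Assumptions (not stated on the page): timestamps are DD/MM/YYYY HH:MM:SS and
# the detached signature carries OpenSSL's "PKCS7" PEM label.
TS_FORMAT = "%d/%m/%Y %H:%M:%S"
FIELD = re.compile(r"^(NOT_VALID_BEFORE|NOT_VALID_AFTER):[ \t]*(.+?)[ \t]*$", re.M)
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n[A-Za-z0-9+/=\n]+?-----END \1-----\n?")

# Constructed sample parts (placeholder base64, not real certificates).
HEAD = "NOT_VALID_BEFORE: 23/11/2007 11:12:13\nNOT_VALID_AFTER: 25/10/2011 22:23:24\n"
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SIG = "-----BEGIN PKCS7-----\nU0FNUExF\n-----END PKCS7-----\n"

def lint_ctl(text, now):
    """Return a list of layout/validity problems in a signed CTL file ([] = OK)."""
    problems = []
    fields = dict(FIELD.findall(text))
    window = {}
    for key in ("NOT_VALID_BEFORE", "NOT_VALID_AFTER"):
        try:
            window[key] = datetime.strptime(fields[key], TS_FORMAT)
        except KeyError:
            problems.append(f"missing {key}")
        except ValueError:
            problems.append(f"unparseable {key}: {fields[key]!r}")
    blocks = list(PEM.finditer(text))
    certs = [b for b in blocks if b.group(1) == "CERTIFICATE"]
    sigs = [b for b in blocks if b.group(1) == "PKCS7"]
    if not certs:
        problems.append("no certificates")
    if len(sigs) != 1:
        problems.append("unsigned or multiply signed file")
    elif certs:
        sig = sigs[0]
        if sig.start() < certs[-1].end():
            problems.append("signature must follow the certificates")
        elif text[certs[-1].end():sig.start()] != "":
            problems.append("extra characters between certificate and signature")
        if text[sig.end():].strip():
            problems.append("content after the signature")
    if certs and any(m.start() > certs[0].start() for m in FIELD.finditer(text)):
        problems.append("validity fields must precede the certificates")
    if len(window) == 2:
        if now < window["NOT_VALID_BEFORE"]:
            problems.append("not yet valid")
        elif now > window["NOT_VALID_AFTER"]:
            problems.append("expired")
    return problems
```

Calling `lint_ctl(HEAD + CERT + CERT + SIG, datetime(2009, 1, 1))` returns an empty list; a stray blank line before the signature or a date outside the window is reported by name.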
Certificate Trust List
SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012 257