User's Manual

- a remote certificate is presented to the IP Deskphone
- the CTL is expired; the CTL is deleted and an event is logged in the
security log.
4. After the IP Deskphone starts a TLS channel with a server (EAP or TLS) and
receives a server certificate, the IP Deskphone validates the certificate by checking
the availability of the certificate in the CTL and decides whether to trust the
certificate or not. If the server certificate is not in the CTL, the server certificate is
rejected and a TLS channel is not established.
The administrator must ensure that the CTL is up to date. If a new CTL is
downloaded to the IP Deskphone, the old CTL file is overwritten by the new one.
Note:
The IP Deskphone can trust up to ten server certificates in the CTL file.
An example of a CTL file is as follows:
NOT_VALID_BEFORE: 23/11/2007 11:12:13
NOT_VALID_AFTER: 25/10/2011 22:23:24
-----BEGIN CERTIFICATE-----
// the content of the certificate goes here
-----END CERTIFICATE-----
// the content of the digital signature goes here
-----END PKCS7-----
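
The checks described above, as an added Python sketch (not Avaya's code and not part of the manual): it parses the validity window and certificate blocks of a CTL and decides whether a presented server certificate is trusted. Assumptions: dates are day/month/year as in the sample, "in the CTL" means an exact match of the DER bytes, and a CTL that is not yet valid or lists more than ten certificates is refused; PKCS7 signature verification is omitted, and the certificate bytes are constructed placeholders.

```python
import base64
import re
from datetime import datetime

MAX_CERTS = 10                  # manual: up to ten server certificates per CTL
DATE_FMT = "%d/%m/%Y %H:%M:%S"  # assumption: day/month/year, as in the sample
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
FIELD_RE = re.compile(r"^(NOT_VALID_(?:BEFORE|AFTER)):[ \t]*(.+)$", re.M)

def parse_ctl(text):
    """Return (not_before, not_after, [DER bytes of each listed certificate])."""
    fields = {key: value.strip() for key, value in FIELD_RE.findall(text)}
    not_before = datetime.strptime(fields["NOT_VALID_BEFORE"], DATE_FMT)
    not_after = datetime.strptime(fields["NOT_VALID_AFTER"], DATE_FMT)
    certs = [base64.b64decode("".join(body.split()))
             for body in PEM_RE.findall(text)]
    return not_before, not_after, certs

def check_server_cert(ctl_text, server_der, now):
    """Decide whether a presented server certificate would be trusted."""
    not_before, not_after, certs = parse_ctl(ctl_text)
    if now > not_after:
        return "ctl-expired"         # manual: CTL is deleted, event is logged
    if now < not_before:
        return "ctl-not-yet-valid"   # assumption: refused before the window opens
    if len(certs) > MAX_CERTS:
        return "ctl-too-many-certs"  # assumption: an oversized list is refused
    # Assumption: membership is a byte-for-byte match of the DER encoding.
    return "trusted" if server_der in certs else "rejected"

def to_pem(der):
    """Wrap raw bytes in the PEM armour used by the CTL example."""
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample: placeholder bytes stand in for real DER certificates.
PROXY_DER = b"constructed-proxy-certificate"
PROV_DER = b"constructed-provisioning-certificate"
HEADER = ("NOT_VALID_BEFORE: 23/11/2007 11:12:13\n"
          "NOT_VALID_AFTER: 25/10/2011 22:23:24\n")
SAMPLE_CTL = HEADER + to_pem(PROXY_DER) + to_pem(PROV_DER)

if __name__ == "__main__":
    for when in (datetime(2010, 1, 1), datetime(2012, 11, 1)):
        print(when.date(), check_server_cert(SAMPLE_CTL, PROXY_DER, when))
    print(check_server_cert(SAMPLE_CTL, b"unknown", datetime(2010, 1, 1)))
```

The expired case is the one an administrator is most likely to hit in practice: once NOT_VALID_AFTER passes, every server certificate is refused regardless of whether it is listed.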
Installing a Certified Trust List
About this task
The IP Deskphone uses the Certified Trust List (CTL) method to verify the various network
elements, such as proxy servers and provisioning servers.
Procedure
Add the [CTL] section to 11xxeSIP.cfg to allow the IP Deskphone to download a CTL
file.
After the 11xxeSIP.cfg file downloads from the provisioning server, the IP Deskphone
executes the [CTL] sections and downloads the CTL file.
After the CTL file is downloaded, the IP Deskphone validates the CTL file to ensure
that the CTL file is signed by a trusted entity. If the CTL file is validated correctly, the
CTL file is stored in the IP Deskphone.
Example
An example of the format for the [CTL] section of the 11xxeSIP.cfg file is as follows:
[CTL]
DOWNLOAD_MODE AUTO
Certificate-based authentication
258 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012