User's Manual
SECURITY_POLICY_PARAM_CHANGE
This parameter defines whether configuration files (11xxeSIP.cfg) must be signed when a customer certificate is installed. This parameter has no effect if no customer certificates are installed. Acceptable values for this parameter are as follows:
- YES – If there is a customer certificate installed, the downloaded file must be signed and fully authenticated.
- NO – If there is a customer certificate installed, the downloaded file is automatically accepted with no authentication (default).
Installing a Security Policy file
About this task
You can install a Security Policy file on the phone by using the configuration file
11xxeSIP.cfg.
Procedure
1. Create a text file, for example SecurityPolicy.txt.
2. Add a security parameter and value in the text file, for example
CERT_ADMIN_UI_ENABLE YES. The parameter name and value are separated
by a space.
3. Sign the file using a signing certificate, producing, for example, the file SecurityPolicy.txt.sig.
The [SEC_POLICY] section is added to the configuration file 11xxeSIP.cfg to
download a security policy file from a provisioning server.
4. After the security policy file is downloaded, its contents must be authenticated prior
to being installed on the IP Deskphone. There are 2 possible cases:
• If there are no existing customer root certificates on the IP Deskphone, a
fingerprint (SHA1 hash) for the file is computed. Depending on the value of the
Security Policy parameter SEC_POLICY_ACCEPT on the IP Deskphone, you are
either prompted to accept this fingerprint (SEC_POLICY_ACCEPT = VAL_MANUAL_A)
or prompted to enter the fingerprint for verification
(CUST_CERT_ACCEPT = VAL_MANUAL_B).
• If there are one or more customer root certificates on the IP Deskphone, then
the security policy file must be digitally signed with a “signing” certificate. In
this case, there is no interaction with the user. The signature is internally
verified and the signing certificate is verified to be issued by a customer root
certificate that is already installed on the IP Deskphone.
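For the first case in step 4 (no customer root certificate installed), an administrator can check the policy file's format and compute its SHA1 fingerprint before publishing it, then compare that value with the one shown or requested on the IP Deskphone. The following Python sketch is an added example, not part of the Avaya manual; it assumes the fingerprint is taken over the raw file bytes, uses a colon-separated hex display as a convention of its own, and all function names are hypothetical.

```python
import hashlib
import hmac
import re

# Assumption: one "NAME VALUE" pair per line, separated by a single space,
# with names shaped like the manual's example (CERT_ADMIN_UI_ENABLE YES).
LINE_RE = re.compile(r"^([A-Z][A-Z0-9_]*) (\S+)$")

# Constructed sample policy file contents (not taken from a real deployment).
SAMPLE = b"CERT_ADMIN_UI_ENABLE YES\nSEC_POLICY_ACCEPT VAL_MANUAL_B\n"


def parse_policy(data: bytes) -> dict:
    """Return {parameter: value}; raise ValueError on a malformed line."""
    params = {}
    for n, line in enumerate(data.decode("ascii").splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {n}: expected 'NAME VALUE', got {line!r}")
        if m.group(1) in params:
            raise ValueError(f"line {n}: duplicate parameter {m.group(1)}")
        params[m.group(1)] = m.group(2)
    return params


def fingerprint(data: bytes) -> str:
    """SHA1 over the exact bytes served; any byte change alters the result."""
    digest = hashlib.sha1(data).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprints_match(data: bytes, entered: str) -> bool:
    """Compare a typed or displayed fingerprint, ignoring separators and case."""
    cleaned = re.sub(r"[^0-9A-Fa-f]", "", entered).upper()
    expected = fingerprint(data).replace(":", "")
    return hmac.compare_digest(cleaned, expected)


if __name__ == "__main__":
    print(parse_policy(SAMPLE))
    print("LF  :", fingerprint(SAMPLE))
    # The same text saved with CRLF line endings is a different file to SHA1.
    print("CRLF:", fingerprint(SAMPLE.replace(b"\n", b"\r\n")))
```

Run it against the exact bytes the provisioning server will serve; an editor or transfer tool that rewrites line endings changes the fingerprint.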
Certificate-based authentication
270 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012
Comments? infodev@avaya.com