Manualshelf

User's Manual

ManualsBrandsAvaya ManualsIP phonesSIP Software 3.1 for 1100 Series
271272273274275276277278279280
Creating a signing certificate
About this task
You can create a signing certificate using OpenSSL.
Procedure
1. Add the following section to the openssl.cfg file:
[ signing_cert_ext ]
subjectAltName=DNS:www.avaya.com
basicConstraints=CA:FALSE
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always
keyUsage=critical,digitalSignature
extendedKeyUsage=critical,codeSigning,emailProtection
2. Use the following OpenSSL command to create a certificate request:
openssl req -new -keyout signing_key.pem
-out signing_req.pem –days 365
This creates the following files in PEM format:
• signing_key.pem, which holds the private key of the signing certificate
• signing_req.pem, which holds the certificate request
3. Use the following OpenSSL command to create the signing certificate
openssl ca -policy policy_anything -extensions signing_cert_ext
-out signing_cert.pem -infiles signing_req.pem
This command creates the file signing_cert.pem, which holds the signing certificate
itself in a PEM format
Next steps
At the end of this process a signing certificate (signing_cert.pem) and its private key
(signing_key.pem) are created, which can be used to sign the a resource file using scripts. For
information about signing scripts, see
Note:
The above commands are examples of commands that create the files signing_req.pem,
signing_key.pem and signing_cert.pem with 365 days lifespan. You can change these
names and the lifespan days.
File signing
A file is signed by appending a digital signature, which is created using a Signing Certificate.
The Signing Certificate must either be directly issued by a CA root certificate installed on the
Certificate-based authentication
280 SIP Software for Avaya 1100 Series IP Deskphones-Administration November 2012
Comments? infodev@avaya.com