User's Manual
449
.
X.509 Certificates
This section contains the following topics:
•
“Certificate management” (page 449)
• “Root certificate” (page 450)
• “Device certificate” (page 450)
• “Certificate installation” (page 450)
Certificate management
SSL/TLS for protecting HTTP management traffic supports only server
side certificate-based authentication. TLS for SIP supports both
server side and client side certificate-based authentication (mutual
authentication). DTLS-capable IP Phones can validate certificates on the
Signaling Servers and Media Cards.
Unified Communications Manager provides a centralized console for
managing X.509 certificates, including issuing certificates, distributing
certificates to Communication Server 1000 devices (for example, a SIP
Gateway), revoking certificates, and managing the trusted CA certificate
list on Communication Server 1000 devices.
For example, from the certificate management console, X.509 certificates
can be assigned remotely to Web SSL and SIP TLS services on SIP
Gateways, as well as NRS and Element Manager servers. Different
services on the same device can have their own certificates, such as
DTLS, or share a common certificate. For example, Web SSL and SIP
TLS services that are active on the same device can share the same
X.509 certificate.
ATTENTION
IP Phones require UNIStim 4.0 or later to support DTLS signaling encryption.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.
.