User's Manual

ManualsBrandsAvaya ManualsIP DeskphonesAvaya Communication Server 1000 IP Phones Fundamentals

451

452

453

454

455

456

457

458

459

460

Certificate installation 451

Use the following procedure to install the first customer certificate on the IP

Phone.

Procedure 114

Installing the ﬁrst customer certiﬁcate on the IP Phone

Step Action

1 Export the public CA certificate in Privacy Enhanced Mail (PEM)

format.

The exporting process depends on the management certificate

program (for example, Microsoft CA Server, OpenSSL, EJBCA).

Keep the private key secure and do not install the private key

on the phone.

2 If you store more than one certificate in PEM format in this file,

insert a blank line to separate the certificates. See Figure 84

"Certificate file with more than one certificate" (page 464).

3 Add a section to the configuration file for each IP Phone where

FILENAME is the name of the file created in step 1. For more

information about the configuration file, see “Configuration file”

(page 458) .

4 Use DHCP or manual configuration to properly set the

Provisioning Server address.

5 Reboot the IP Phone.

6 When the phone connects to the provisioning server, the

[USER_KEYS] section is read and the file(s) downloads.

7 Select Install to proceed.

The phone displays the fingerprint of the certificate file.

8 Select Accept to install the certificate on the IP Phone.

For more information about certificate validation options, see

“Validating certificates” (page 452).

--End--

It is possible to change the default behavior described inProcedure 114

“Installing the first customer certificate on the IP Phone” (page 451) so

that the user must enter the fingerprint of the certificate file rather than

just accept a displayed value. To do this, you must change the Security

Policy on the phone. For more information about the Security Policy, see

“Security Policy” (page 459).

Nortel Communication Server 1000

IP Phones Fundamentals

NN43001-368 05.06 30 April 2010