User's Manual
452 X.509 Certificates
Validating certificates
All new certificates that are received and are meant to be stored on the IP
Phone must be validated. Certificates that are digitally signed and can be
authenticated using one of the certificates in the trusted certificate store
are considered validated and do not require user input. If one or more
Customer Certificates are installed in the IP Phone trusted certificate store,
any certificate that does not pass the digital authentication is rejected and
an error is logged.
If Customer Certificates are not installed in the trusted certificate store
on the IP Phone, you can use one of the following methods to manually
validate an unsigned certificate
•
Manual A (default)
• Manual B
Manual A
If the file containing a Customer Certificate is not signed a prompt appears
on the screen with a fingerprint for the file as a whole, regardless of
the number of certificates contained in the file. If you confirm that the
fingerprint is correct, all certificates in the file validate and save. You
cannot use this method to validate Nortel certificates.
Manual A uses a 20 digit (64 bit) fingerprint. You must confirm the
fingerprint, which appears on the screen. See Figure 80 "Fingerprint
verification" (page 453).
The screen shows the file type and a prompt to install or reject the file.
After 30 seconds, the prompt times out and the certificate is automatically
rejected.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.
.