User's Manual
458 X.509 Certificates
Table 113
OpenSSL-based Windows script for file signing
REM %1 - Input Unsigned File
REM %2 - Signing Certificate
REM %3 - Signing Certificate Private Key
REM %4 – Output Signed File
set unsigned_file=%1
set sign_cert_file=%2
set sign_cert_pk_file=%3
set signed_file=%4
REM Setup temporary files
set tmp_signature_file="sig.tmp"
REM Create a detached signature
openssl smime –sign –in %unsigned_file% –signer %sign_cert_file% –outform
PEM –binary –inkey
%sign_cert_pk_file% –out %tmp_signature_file%
REM Now append the signature to the unsigned file
copy /y /b %unsigned_file% + %tmp_signature_file% %signed_file%
REM Clean up
del %tmp_signature_file%
You can use other Certificate Management systems if the system includes
the ability to generate a detached signature.
Configuration file
This section describes customer certificate files options and effects.
Each phone type has a unique default name for the configuration file.
For example, the default name for the 1140e is 1140e.cfg. You can use
the configuration file to specify the firmware to install on the phone and
to specify other downloadable files. The configuration file downloads (if
available) when the phone boots. All sections defined in the file process
in the order they are specified in the file. For each section in the file, one
or more files can be downloaded.
The format of the [USER_KEYS] section in the configuration file triggers
the download of a customer certificate.
[FW]
DOWNLOAD_MODE AUTO
VERSION 0625C68
PROTOCOL TFTP
FILENAME 0625C68.bin
[USER_KEYS]
DOWNLOAD_MODE AUTO
VERSION 1
PROTOCOL TFTP
FILENAME cacert.pem
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.
.