User's Manual
Certificate installation 459
[DEVICE_CONFIG]
DOWNLOAD_MODE AUTO
VERSION 3
PROTOCOL TFTP
FILENAME *.dev.sig
The order of the sections in the file can affect whether files download
successfully. After a customer root certificate is installed on the phone,
all customer-defined files must be signed, so every section that appears
after [USER_KEYS] and downloads customer files must be signed. In the
example above, the Device Configuration file must be signed or it does not
install on the phone. Nortel recommends that you place the [USER_KEYS]
section before all other sections so that subsequent downloads do not fail.
Nortel-supplied files are always signed.
You can specify the TFTP, HTTP, or FTP protocol. You can specify more than
one FILENAME, but be careful when you use this feature with certificates,
because only the first certificate file can download unsigned.
The asterisk (*) in the Device Configuration filename indicates that when
the phone attempts to download the file, it substitutes the MAC address of
the phone for the “*”. This allows phone-specific configuration files, but
if a customer root certificate is installed, all phone-specific files must
be signed as well.
For the special case of certificate download ([USER_KEYS]), the VERSION is
required but it is not actually used. The certificates always download;
however, if a certificate already exists in the phone, it is not saved.
The VERSION is ignored because the certificate completely identifies itself
and its version internally. This allows the same configuration file to be
used even after the customer root certificate is installed.
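
The ordering and signing rules above can be checked before a file is published to the provisioning server. The following Python linter is an added example, not part of the manual or of any Nortel tool. It assumes one KEY VALUE pair per line, repeated FILENAME lines for multiple files, a VERSION in every section, and a MAC address written as bare hex; the sample file and certificate names are constructed.

```python
import re

PROTOCOLS = {"TFTP", "HTTP", "FTP"}  # the protocols the manual lists

def parse_sections(text):
    """Return [(section_name, {KEY: [values]})] in file order."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            sections.append((header.group(1), {}))
        elif line and sections:
            key, _, value = line.partition(" ")
            sections[-1][1].setdefault(key, []).append(value.strip())
    return sections

def lint(text, mac):
    """Return (warnings, [(section, file)] that must be signed for this phone)."""
    sections = parse_sections(text)
    warnings, must_sign, after_keys = [], [], False
    if "USER_KEYS" in [name for name, _ in sections[1:]]:
        warnings.append("[USER_KEYS] is not the first section")
    for name, keys in sections:
        files = keys.get("FILENAME", [])
        if "VERSION" not in keys:
            warnings.append(f"[{name}] has no VERSION")
        if any(p.upper() not in PROTOCOLS for p in keys.get("PROTOCOL", [])):
            warnings.append(f"[{name}] has an unknown PROTOCOL")
        if name == "USER_KEYS":
            after_keys = True
            if len(files) > 1:
                warnings.append("[USER_KEYS]: only the first certificate can download unsigned")
        elif after_keys:
            # '*' is replaced by the phone's MAC address (bare-hex form is an assumption)
            must_sign += [(name, f.replace("*", mac)) for f in files]
    return warnings, must_sign

# Constructed sample: [USER_KEYS] is first but lacks VERSION and lists two certificates.
SAMPLE = """[USER_KEYS]
DOWNLOAD_MODE AUTO
PROTOCOL TFTP
FILENAME customer_root.pem
FILENAME customer_backup.pem
[DEVICE_CONFIG]
DOWNLOAD_MODE AUTO
VERSION 3
PROTOCOL TFTP
FILENAME *.dev.sig"""
```

Calling lint(SAMPLE, mac) with a phone's MAC address returns the warnings and the per-phone file names that need a signature once the customer root certificate is in place.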
Security Policy
The Security Policy defines some optional elements of certificate
management and defines the authentication procedure for some (but not
all) unsigned installable customer files.
You can download a Security Policy to the phone using the [SEC_POLICY]
section in the configuration file. An example Security Policy is shown in
Table 114 "Security policy" (page 460). If a customer certificate does not
exist, accept the security policy file by confirming a displayed fingerprint.
If a customer certificate exists, the Security Policy file must be signed and
authenticated before it can update.
Table 114 "Security policy" (page 460) provides an example of the security
policy and the default values.
Nortel Communication Server 1000
IP Phones Fundamentals
NN43001-368 05.06 30 April 2010
Copyright © 2003-2010 Nortel Networks. All Rights Reserved.