User's Manual

openssl smime -sign -in unsigned_file -signer sign_cert_file -outform PEM -binary -inkey sign_cert_pk_file -out tmp_signature_file
The first customer root certificate must either be signed by an Avaya Trusted Certificate or
have its fingerprint accepted. To control further signing of a customer root certificate, and
prevent security risks, the following Security Policy parameter must be configured.
CUST_CERT_ACCEPT — VAL_NO_CHECK
Device certificate installation
A device certificate is a certificate used to prove the identity of the IP Deskphone to a server
while establishing various secure connections, such as TLS and HTTPS, between the
IP Deskphone and a server. Each device certificate is associated with a specific usage
purpose. It is possible for one or two device certificates to be installed on the IP Deskphone
(for example, one for all TLS connections and one for VPN). A Device Certificate Profile (DCP)
allows for various combinations of sharing device certificates among different applications.
Within the DCP, you can identify one or more uses (or purposes) for the device certificate
associated with each profile, to provide a flexible model for the sharing of device certificates
among IP Deskphone applications.
The following sections describe the process used to install a device certificate on the
IP Deskphone. This process starts with defining a DCP for each device certificate that must
be installed on the IP Deskphone. See Device certificate profiles on page 234.
The two methods used to install a device certificate on the IP Deskphone are:
• SCEP
• PKCS#12 download
SCEP is a protocol that allows the IP Deskphone to send a device certificate request, based on
a locally generated private key, to a CA server. This provides more security for the private key
(because the private key is never transmitted, even in an encrypted form). See SCEP on page 239.
PKCS#12 is an industry standard for exchanging certificates and private keys. A device
certificate downloaded to the IP Deskphone in a PKCS#12 file contains the complete certificate,
including the private key of the device certificate, which is generated offline by a Certificate
Authority (CA). The PKCS#12 file is encrypted using a password at the time of generation to
protect the private key. See PKCS 12 download on page 242.
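The difference between the two methods in what leaves the key's point of origin, as an added example that is not part of the original manual. It assumes the openssl command-line tool is installed; all file names, the subject name and the passwords are constructed sample values.

```shell
#!/bin/sh
# Added example: constructed test material only, written to a temp directory.
WORK=$(mktemp -d)

# SCEP-style: the key pair is generated locally and only the certificate
# request (subject + public key, signed with the private key) is sent out.
make_local_csr() {
    openssl genrsa -out "$WORK/device.key" 2048 2>/dev/null &&
    openssl req -new -key "$WORK/device.key" -subj "/CN=sample-deskphone" \
        -out "$WORK/device.csr" 2>/dev/null
}

# Returns 0 if the PEM file carries private key material.
contains_private_key() {
    grep -q "PRIVATE KEY" "$1"
}

# PKCS#12-style: key and certificate are generated offline (a self-signed
# certificate stands in for the CA here), then bundled into one file that
# is encrypted with the password given as $1.
make_pkcs12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sample-deskphone" \
        -keyout "$WORK/offline.key" -out "$WORK/offline.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$WORK/offline.key" -in "$WORK/offline.crt" \
        -passout "pass:$1" -out "$WORK/device.p12" 2>/dev/null
}

# Returns 0 only if the bundle opens with password $1 and yields a private key.
p12_yields_key() {
    openssl pkcs12 -in "$WORK/device.p12" -passin "pass:$1" -nodes 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# Stand-alone run: report what each transported artifact exposes.
if make_local_csr && make_pkcs12 "constructed-password"; then
    contains_private_key "$WORK/device.csr" \
        && echo "CSR: private key present" || echo "CSR: no private key inside"
    p12_yields_key "constructed-password" \
        && echo "PKCS#12: private key recoverable with the password"
    p12_yields_key "wrong-password" \
        || echo "PKCS#12: unreadable without the password"
fi
```

The request file carries no private key, while the PKCS#12 file does, so the strength and handling of the PKCS#12 password determine how well that key is protected in transit.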
For more information on defining a device certificate profile, see Device certificate profiles on
page 234.
SIP Software for Avaya 1200 Series IP Deskphones-Administration September 2013 233