User's Manual
Configure the DCP for the specified index for a PKCS#12 downloaded certificate,
otherwise the file is rejected. By default, profile 1 is configured for SCEP and all
other profiles are configured for PKCS#12.
2. The IP Deskphone checks the version in the [DEV_CERT] section against the
version stored in the specified PROFILE. If the version in the specified profile is
missing or is older, the device certificate file is downloaded. The profile index is 1.
3. Download the file.
4. Enter the PKCS#12 protected password.
5. Validate the device certificate to ensure that you entered the correct password.
6. Extract the private key and device certificate.
7. Validate the device certificate to ensure the following:
• the correct password is entered
• the key size is greater than or equal to the value specified in the Security Policy File
• the key algorithm is DSA
• the certificate is not revoked
• the certificate is not expired
8. If the IP Deskphone has correctly validated the device certificate, the IP Deskphone
stores the device certificate and private key in the device certificate profile specified
in the [DEV_CERT] section of the IP Deskphone memory (SFS).
• The version specified in the [DEV_CERT] section is stored in the profile for future
reference when determining if a new device certificate is available for
download.
The PKCS#12 imported certificate is stored in Profile 1.
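The step 7 checks can be rehearsed on the provisioning side before a PKCS#12 file is published. The following is an added example, not code from this manual or from the IP Deskphone firmware. It assumes the Python `cryptography` package; `check_device_cert`, `make_sample_p12`, the policy minimum and the revoked-serial set are hypothetical names and inputs, and the 100-entry cap is the CRL limit this manual states.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.serialization import BestAvailableEncryption, pkcs12
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc
MAX_CRL_ENTRIES = 100  # CRL capacity the manual gives for the IP Deskphone


def check_device_cert(p12, password, min_key_bits, revoked_serials, now=None):
    """Return the list of failed step-7 checks; an empty list means acceptable."""
    now = now or dt.datetime.now(UTC)
    try:  # a wrong password or a corrupt file raises ValueError
        key, cert, _chain = pkcs12.load_key_and_certificates(p12, password)
    except ValueError:
        return ["wrong password or unreadable PKCS#12"]
    if key is None or cert is None:
        return ["private key or certificate missing"]
    failures = []
    if not isinstance(key, dsa.DSAPrivateKey):
        failures.append("key algorithm is not DSA")
    if getattr(key, "key_size", 0) < min_key_bits:
        failures.append("key smaller than policy minimum")
    if len(revoked_serials) > MAX_CRL_ENTRIES:  # pre-flight warning, our assumption
        failures.append("CRL has more than 100 entries")
    if cert.serial_number in revoked_serials:
        failures.append("certificate is revoked")
    expires = getattr(cert, "not_valid_after_utc", None)  # cryptography >= 42
    if expires is None:  # older releases return a naive UTC datetime
        expires = cert.not_valid_after.replace(tzinfo=UTC)
    if now > expires:
        failures.append("certificate is expired")
    return failures


def make_sample_p12(password, key_bits=2048, days=30):
    """Constructed input: self-signed DSA certificate in a PKCS#12 bundle."""
    key = dsa.generate_private_key(key_size=key_bits)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "phone.example")])
    start = dt.datetime.now(UTC) - dt.timedelta(days=1)
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(start + dt.timedelta(days=days))
            .sign(key, hashes.SHA256()))
    blob = pkcs12.serialize_key_and_certificates(
        b"phone", key, cert, None, BestAvailableEncryption(password))
    return blob, cert.serial_number
```

The password check comes first because nothing else can be inspected until the bundle decrypts, which matches the order of steps 5 to 7.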
Certificate Trust List (certificate verification)
There are two methods to validate a certificate before the IP Deskphone can use it:
• Certificate Revocation List (CRL) — The Certificate Revocation List method is limited
in the number of CRL entries it can use because of the limited memory of the IP
Deskphone. It supports up to 100 CRL entries.
• Certificate Trust List (CTL) — The Certificate Trust List is a collection of certificates
bundled together into a file and downloaded into the IP Deskphone. The file is signed and
all of the certificates in the bundle are inherently trusted by the IP Deskphone (if the file
signature is verified). You can use the CTL in place of a CRL because in the IP
Deskphone, the CTL is much smaller than the CRL.
SIP Software for Avaya 1200 Series IP Deskphones-Administration September 2013 243