User's Manual
The IP Deskphone does not accept unsigned CTL files. After a CTL file is accepted,
the included certificates are added to the trusted certificate store of the IP
Deskphone.
Important:
Do not insert additional characters between the Certificate and the Digital
Signature. Otherwise, the validation fails. Do not change any of the original
file content that was used to create the signature. Otherwise, the signature
becomes invalid and you must create a new signature.
2. The CTL is provisioned to the IP Deskphone in a secure way. Avaya recommends
that you use HTTPS as the secure method to download the CTL file to the IP
Deskphone.
3. The IP Deskphone checks the validity periods as follows:
• Not Valid Before—Not used
• Not Valid After—The IP Deskphone checks this when
- The CTL file is downloaded.
- Every 24 hours.
- A remote certificate is presented to the IP Deskphone.
If the CTL is expired, the CTL is deleted and an event is logged in the
security log.
4. After the IP Deskphone starts a TLS channel with a server (EAP or TLS) and
receives a server certificate, the IP Deskphone validates the certificate by checking
whether the certificate is available in the CTL, to decide whether to trust the
certificate or not. If the server certificate is not in the CTL, the server certificate is
rejected and a TLS channel is not established.
The administrator has to ensure that the CTL is up-to-date. If a new CTL is downloaded to the
IP Deskphone, the old CTL file is overwritten by the new one.
The IP Deskphone can trust up to ten server certificates in the CTL file.
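An administrator-side check to run before a CTL is built and signed, covering the expiry rule and the ten-certificate limit described above. This is an added example, not part of the Avaya manual or firmware. It assumes the certificates destined for the CTL are held as PEM blocks and that the validity period the phone checks is that of the included certificates; `audit_ctl`, `not_after` and the 30-day warning window are illustrative names and values.

```python
import base64, hashlib, re
from datetime import datetime, timedelta, timezone

MAX_CTL_CERTS = 10  # the manual: up to ten server certificates per CTL
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Read the notAfter time of a DER-encoded X.509 certificate (UTC)."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                 # optional explicit [0] version
        pos = end
    for _skip in range(3):          # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)      # enter validity SEQUENCE
    _, _, pos = _tlv(der, pos)      # skip notBefore
    tag, start, end = _tlv(der, pos)
    text = der[start:end].decode("ascii")
    when = datetime.strptime(text, "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ")
    if tag == 0x17 and when.year >= 2050:   # UTCTime years 50-99 mean 19xx
        when = when.replace(year=when.year - 100)
    return when.replace(tzinfo=timezone.utc)

def audit_ctl(pem_bundle, now, warn_days=30):
    """Return (fingerprint, problem) findings for certificates destined for a CTL."""
    ders = [base64.b64decode(body) for body in PEM_RE.findall(pem_bundle)]
    findings = []
    if len(ders) > MAX_CTL_CERTS:
        findings.append(("bundle", f"{len(ders)} certificates, limit is {MAX_CTL_CERTS}"))
    for der in ders:
        fingerprint = hashlib.sha256(der).hexdigest()[:16]  # truncated SHA-256 of the DER
        expires = not_after(der)
        if expires <= now:
            findings.append((fingerprint, "expired"))
        elif expires - now <= timedelta(days=warn_days):
            findings.append((fingerprint, f"expires within {warn_days} days"))
    return findings
```

Call `audit_ctl(open("ctl-certs.pem").read(), datetime.now(timezone.utc))` on the bundle (the file name is a placeholder); an empty list means no certificate is expired or close to expiry and the count is within the limit.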
The following is an example of a CTL file.
Validating a certificate using the Certificate Trust List
SIP Software for Avaya 1200 Series IP Deskphones-Administration September 2013 245