Manualshelf

User's Manual

ManualsBrandsAvaya ManualsIP DeskphonesAvaya SIP Software R4.3 SP2 for 1200 Series
251252253254255256257258259260
Provisioning configuration file download
Securely download provisioning configuration files through HTTPS.
Provisioning configuration files download through HTTPS
The IP Deskphone can contact a provisioning server and download an 12xxSIP.cfg file to
identify
additional files and protocols used. When a file is identified, and the protocol specified
in the "protocol" parameter is HTTPS, the IP Deskphone contacts the target server and
negotiates a TLS connection. Then, the IP Deskphone downloads the specified file and
terminates the connection.
HTTP connection over TLS is established by using single or mutual authentication.
Single Authentication
A server certificate, user name, and password are required to establish TLS connection
between
the IP Deskphone and the provisioning server. The server certificate must be signed
by a certificate authority. The IP Deskphone uses the server certificate to validate the identity
of the provisioning server that the IP Deskphone is connected to; the provisioning server uses
the user name and password to authenticate the IP Deskphone. The IP Deskphone must be
preloaded with the root certificate used in signing the server certificate. The root certificate is
downloaded to the IP Deskphone by connecting to a provisioning server through EAP-MD5,
and using one of the insecure protocols supported by the IP Deskphone, such as HTTP, TFTP
or FTP. EAP-MD5 ensures that the connection between the IP Deskphone and the provisioning
server is secure. The user name and password are required to authenticate the IP Deskphone
to the provisioning server and must be loaded in a secure manner before the IP Deskphone
establishes the HTTPS connection with the provisioning server. There is no mechanism for
getting a user name and password on the IP Deskphone in a secure "no-touch" manner; the
IP Deskphone must be deployed to a secure network where the TFTP download of insecure
files is not transmitted over an insecure network.
Mutual Authentication
A device certificate and server certificate are required to establish TLS connection between
the IP Deskphone and the provisioning server. The server certificate must be signed by a
Certificate-based authentication
258 SIP Software for Avaya 1200 Series IP Deskphones-Administration September 2013
Comments? infodev@avaya.com