Siemens V1.2.33 manual Installing the Deployment Tool, TLS Handshake Failure

Page 87

Deployment Tool with TLS

Installing the Deployment Tool

After a first installation, the Deployment Tool will automatically be config- ured with trusted certificates and a subject DN that match the phone’s de- fault key material. No configuration should be necessary until the phone’s key material is changed, by transferring new key material over the XML management interface.

On reinstalling the Deployment Tool over an existing installation, the user is prompted whether or not to replace the file “.keystore”. This is the list of CA certificates trusted by the Tool. The user can retain any changes made to the list, or revert to the default list.

If the user wishes to revert to the default subject DN, delete the line “Tar- getSubjectDN=…” from the file “DeploymentTool.props” in the Tool’s in- stallation directory.

TLS Handshake Failure

If the TLS handshake to a phone fails because the certificate chain received by the phone cannot be validated, the Operations Pane automatically pre- sents diagnostic information in the Handshake Failure Dialogue.

The left-side of the dialogue shows the certificates received from the phone. For validation, the Tool attempts to form a chain from these certifi- cates. The resulting chain, if any, is shown at the top of the left-side.

A list of additional certificates, which were received but could not be fitted into the chain, is shown underneath. The right-side of the dialogue shows the details of the currently-selected certificate.

87

Image 87
Contents Administrator Manual Contents Configuration Tab OptiPoint typesHelp Functions Parameters Deployment Tool with TLSIntroduction Supported PhonesIntroduction Operating System Screen ResolutionFTP Service RequirementsClick Start Installer for Windows Installing and Running the ProgramInstalling the Program Installing and Running the ProgramListing Connected IP Phones Listing Connected IP PhonesDevice List window Icons in the Operations window For the function Configure selected devicesIcons and Buttons Icons in the DeviceList windowCTRL+A or Creating a Device ListHiding List Columns Specifying the Number of ScansStarting a Scan Column ContentsEditing a Device List Moving List Columns164 AddressStatus MAC addressResetting the Scan Result Stopping a ScanDevice type Deleting an Entry from the Device List Selecting a Device GroupSaving a Deployment File CTRL+O or Loading the Deployment FilePreparation ConfigurationConfiguration ConfigurationFile Transfer tab Starting ConfigurationDialogs for optiPoint telephones Editing a Configuration Saving settings CTRL+S orTransfer file Minutes for optiPoint 300 advance Transferring a ConfigurationAdministrator password Minutes forVerification Starting transferStopping transfer Log fileSaving and Loading Device Groups Saving Device GroupsCtrl+B Loading Device Groups Configuration OptiPoint 400 standard HFA OptiPoint typesOptiPoint 400 standard H450 OptiPoint 400 economy HFADevice type 400 standard SIP OptiPoint 400 standard SIPOptiPoint types Device type 400standardSIP Device type 410standardHFA, 410advanceHFA OptiPoint 410 entry HFA, 410 economy HFAOptiPoint 410 standard HFA, 410 advance HFA Device type 410entryHFA, 410economyHFADevice type 600officeUP0/E OptiPoint 600 office HFAOptiPoint 600 officeUP0/E Device type 600officeHFADevice type 600officeSIP OptiPoint 600 office SIPHelp Functions Checking the StatusHelp Functions Following status messages may appear Status MessagesLog File Contacts Configuration TabAlert Indications Audio/Visual IndicationsDial Plan 400 standard SIP V2.4, 600 office SIP Country & LanguageDialling Codes Dial PlanFile Transfer 400 standard H450, 400 standard SIP 2.x/SIP File TransferFile Transfer 410 standard HFA, 410 advance HFA Instant Messaging Http SettingsParameter Setting Key 1 to 10 or Function KeysIP Routing 400 standard H450 IP RoutingDefault gateway Route Gateway Mask DNS server address Kerberos 400 standard SIP KerberosKeyset Operations 400 standard SIP V2.4, 600 office SIP Messaging ServicesKeyset Operations Key & Lamp Module 1/2Miscellaneous 410 standard HFA, 410 advance HFA PasswordsPasswords 600 office HFA, 600 office UP0/E, 600 office SIP MiscellaneousPersonal Directory PresencePresence 400 standard SIP Security 400 standard SIP V2.4/SIP V3.0, 600 office SIP Quality of ServiceQuality of Service 600 office UP0/E SecuritySelectedDialing SIP Feature ConfigurationSpeech parameters Parameter Setting PBX/Gateway Address Telephony ConfigurationTelephony Configuration 400 standard H450 Telephony Configuration 400 standard HFA, 400 economy HFATelephony Configuration 600 office HFA, 600 office UP0/E WAP TimeDescription ParametersArea code Audio ModeBeep On SIP Server Error Cancel mobility passwordConnection type Config filename prefixCodec Compression CodecDhcp Emergency number External access codeFTP password DSM application filenameGatekeeper discovery address H450 featuresFTP username Gatekeeper addressJava midlet filename IM Session TimerImport personal directory International dial prefixLAN/PC port mode Layer 2 Voice/SignalingLayer 3 Voice/Signaling Layer 2 DefaultLdap template name Line Key action modeLayer 2 Priority Ldap Server AddrMask New Domain PasswordOperating mode Loge filenamePort Number Proximity TimerPBX/Gateway Address Permit Decline CallRealm Registration TimerPstn acces code QoS L2/L3Route Ring No Reply TimerRing Seen Timer Rollover typeServer type Session TimerSecurity profile Security window secondsSIP Routing Model Snmp PasswordSIP Registrar Address SIP Registrar PortSntp Server IP Address Subscriber PasswordSnmp Trap IP Address Snmp Trap PortTime System typeTag Terminating line preferenceUnused Timer User Change PasswordTrusted Certificates File Management Vlan Method User passwordWAP Mode Vlan IdDNS Default RouteAbbreviations and Technical Terms Dial PlanFTP EpidHFA HttpKDC LED LANLdap LCDMIB PasswordMAC MCURAM PBXPing PstnSntp ROMSIP SnmpVlan UDPURI URLVoIP WAPWSP Administration Scenarios Administration ScenariosConfiguring an FTP Server Installation and ConfigurationAdministration Scenarios Deployment Tool with TLS Deployment Tool with TLSPublic Key Asymmetric Cryptography CertificatesCertificate File Formats TLSOperating the XML Management Interface over TLS Use of TLS by an IP PhoneConfiguring the Deployment Tool for TLS TLS Handshake Failure Installing the Deployment ToolTransferring Certificates to Phones Selecting a File for Transfer Transferring a Server Key Material File Transferring a Client Trusted Certificates File Ref. No. A31003-A2056-A105-63-76A9