Aastra Telecom CT9143i manual Certificate Validation, User Interface

Page 28

IP Phone Release Notes 2.3

New Features in Release 2.3

Certificate Validation

Certificate validation is enabled by default. Validation occurs by checking that the certificates are well formed and signed by one of the certificates in the trusted certificate set. It then checks the expiration date on the certificate, and finally, compares the name in the certificate with the address for which it was connected.

If any of these validation steps fail, the connection is rejected. Certificate validation is controlled by three parameters which you can configure via the configuration files, the IP Phone UI, or the Aastra Web UI:

•https validate certificates - Enables/disables validation

•https validate hostname - Enables/disables the checking of the certificate commonName against the server name.

•https validate expires - Enables/disables the checking of the expiration date on the certificate.

User Interface

Certificate Rejection

When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.

Configuring HTTPS Server Certificate Validation via the Configuration Files

Use the following parameters to configure HTTPS server certificate validation for the IP Phones using the configuration files.

Parameter–	Configuration Files	aastra.cfg, <mac>.cfg
https validate certificates	IP Phone UI	Options->Administrator Menu->
		Configuration Server->HTTPS Settings->
Validate Certificates		Cert Validation->Enable
(in Web UI)	Aastra Web UI	Advanced Settings->Network->HTTPS Settings

Description	Enables or disables the HTTPS validation of certificates on the phone.
	When this parameter is set to 1, the HTTPS client performs validation on
	SSL certificates before accepting them.
	Note: If you are using HTTPS as a configuration method, and use a self
	signed certificate, you must set this parameter to “0” (disabled) before
	upgrading to Release 2.3 of the IP Phones.

Format	Boolean

Default Value	1 (enabled)

Range	0 (disabled)
	1 (enabled)

Example	https validate certificates: 0

24	RN-001029-02, Release 2.3, Rev 00

Image 28

Contents SIP IP Phone Page Contents WatchDog Task Feature About this Document Bootloader Requirements Release Content InformationHardware Supported Before you Upgrade Please Read Before Upgrading the Phones to ReleaseFeature Description Network Features Security FeaturesXML Features DescriptionFeature Description User Interface FeaturesTroubleshooting Features SIP FeaturesAccept out of order requests parameter to ignore Network Features Configuring LLDP-MED Using the Configuration Files Configuring LLDP-MED Using the IP Phone UI Step ActionConfiguring LLDP-MED Using the Aastra Web UI Lldp Packet IntervalSelect Basic Settings-Preferences-General Use Lldp Elin Check markDhcp Options 159 and 160 for the Configuration Server Configuring Dhcp Option Override via the Configuration FilesConfiguring Dhcp Option Override via the IP Phone UI OptionConfiguring Dhcp Option Override via the Aastra Web UI Dhcp Option 12 Hostname for the Configuration Server Changing Dhcp Option 12 Hostname via the Configuration FilesChanging Dhcp Option 12 Hostname via the IP Phone UI Click on Operation-Reset , and click Restart Changing Dhcp Option 12 Hostname via the Aastra Web UIDhcp Option 77 User Class for the Configuration Server Default Value RangeConfiguring Dhcp Option 77 User Class via the IP Phone UI Configuring Dhcp Option 77 User Class via the Aastra Web UI Multiple Dhcp Servers Configuration File Encryption Security FeaturesConfiguring Configuration File Encryption Https Server Certificate Validation Certificate ManagementUser Interface Certificate ValidationUpgrading to Release 2.3 of the IP Phones Https validate expires Enable/Disable Https Server Certificate Validation Press Change to toggle the Enable field to Yes or NoAastra Web UI TrustedCerts.pem XML Features XML Execute Commands for Playing a WAV FileXML Command Wav.Stop XML Command Wav.PlayIP Phone UI Screens During WAV Streaming RTP Recording and Simultaneous Playing not supported on Phone State Action When RTP TransmittingSending RTP Stream was being sent using this voice Phone State Action When RTP Receiving Receiving RTPExamples Dialpad Passthrough for ObjectsNew XML URI Variables Non-Blocking Action URIXML Web Applications Button XML Key Redirection Parameter Voicemail OptionExample Parameter Icom script For Options Menu on all phones and Services Menu on Options Key RedirectionOptions script Configuring the Off-Hook Interaction Feature XML Applications and Off-Hook InteractionXML URI for Key Press Simulation Feature Keys XML Key URI Description Volume KeyNavigation Keys For XML Post Messages Using XML Commands to Reset Local Data on the Phone XML Command DescriptionAction URI Disconnected Feature Example Parameter Aastra Web UIClick on Advanced Settings-Action URI-Event Preferred Line Focus Feature User Interface FeaturesPhone Feature Preferred Line Focus Behavior Configuring Preferred Line Focus via the Configuration Files Range ExampleConfiguring Preferred Line Focus via the Aastra Web UI Creating a Speeddial Key using the IP Phone UI Dialpad Speeddial Supported on All PhonesFor the 53i Creating a Speeddial Key using the Aastra Web UI Click on Operation-Keypad Speed DialUTF- 8 Codec for Multi-National Language Support Addition of New Timezone and Country Codes Time Zone Country Code/Time Time Zone Code Zone NameAsserted-Identity PAI Support in Update message SIP FeaturesDtmf Tones in Info Requests Ignore Out of Sequence Errors Enabling/Disabling Out of Order SIP RequestsSIP BLA Expires Timer Configuring SIP BLA Expirey Timer Using the Aastra Web UI Click on Advanced Settings-Global SIP-Advanced SIP SettingsWatchDog Task Feature Troubleshooting FeaturesEnabling/Disable WatchDog Using the Configuration Files Enabling/Disable WatchDog Using the Aastra Web UI Enable/Disable WatchDog TaskIssues Resolved in Release Issue Number Description of FixRobustness Contacting Aastra Telecom Support Contacting Aastra Telecom Support Page Release Notes