Certificate Validation, User Interface | Aastra Telecom CT9143i

IP Phone Release Notes 2.3

New Features in Release 2.3

Certificate Validation

Certificate validation is enabled by default. Validation occurs by checking that the certificates are well formed and signed by one of the certificates in the trusted certificate set. It then checks the expiration date on the certificate, and finally, compares the name in the certificate with the address for which it was connected.

If any of these validation steps fail, the connection is rejected. Certificate validation is controlled by three parameters which you can configure via the configuration files, the IP Phone UI, or the Aastra Web UI:

•https validate certificates - Enables/disables validation

•https validate hostname - Enables/disables the checking of the certificate commonName against the server name.

•https validate expires - Enables/disables the checking of the expiration date on the certificate.

User Interface

Certificate Rejection

When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.

Configuring HTTPS Server Certificate Validation via the Configuration Files

Use the following parameters to configure HTTPS server certificate validation for the IP Phones using the configuration files.

Parameter–	Configuration Files	aastra.cfg, <mac>.cfg
https validate certificates	IP Phone UI	Options->Administrator Menu->
		Configuration Server->HTTPS Settings->
Validate Certificates		Cert Validation->Enable
(in Web UI)	Aastra Web UI	Advanced Settings->Network->HTTPS Settings

Description	Enables or disables the HTTPS validation of certificates on the phone.
	When this parameter is set to 1, the HTTPS client performs validation on
	SSL certificates before accepting them.
	Note: If you are using HTTPS as a configuration method, and use a self
	signed certificate, you must set this parameter to “0” (disabled) before
	upgrading to Release 2.3 of the IP Phones.

Format	Boolean

Default Value	1 (enabled)

Range	0 (disabled)
	1 (enabled)

Example	https validate certificates: 0

24	RN-001029-02, Release 2.3, Rev 00

Image 28

Aastra Telecom CT9143i manual Certificate Validation, User Interface, Upgrading to Release 2.3 of the IP Phones

Contents

SIP IP Phone Page Contents WatchDog Task Feature About this Document Bootloader Requirements Release Content InformationHardware Supported Before you Upgrade Please Read Before Upgrading the Phones to Release Feature Description Network Features Security FeaturesXML Features Description Feature Description User Interface Features Troubleshooting Features SIP FeaturesAccept out of order requests parameter to ignore Network Features Configuring LLDP-MED Using the Configuration Files Configuring LLDP-MED Using the IP Phone UI Step Action Configuring LLDP-MED Using the Aastra Web UI Lldp Packet Interval Select Basic Settings-Preferences-General Use Lldp Elin Check mark Dhcp Options 159 and 160 for the Configuration Server Configuring Dhcp Option Override via the Configuration Files Configuring Dhcp Option Override via the IP Phone UI Option Configuring Dhcp Option Override via the Aastra Web UI Dhcp Option 12 Hostname for the Configuration Server Changing Dhcp Option 12 Hostname via the Configuration Files Changing Dhcp Option 12 Hostname via the IP Phone UI Click on Operation-Reset , and click Restart Changing Dhcp Option 12 Hostname via the Aastra Web UI Dhcp Option 77 User Class for the Configuration Server Default Value Range Configuring Dhcp Option 77 User Class via the IP Phone UI Configuring Dhcp Option 77 User Class via the Aastra Web UI Multiple Dhcp Servers Configuration File Encryption Security FeaturesConfiguring Configuration File Encryption Https Server Certificate Validation Certificate Management User Interface Certificate ValidationUpgrading to Release 2.3 of the IP Phones Https validate expires Enable/Disable Https Server Certificate Validation Press Change to toggle the Enable field to Yes or No Aastra Web UI TrustedCerts.pem XML Features XML Execute Commands for Playing a WAV File XML Command Wav.Stop XML Command Wav.PlayIP Phone UI Screens During WAV Streaming RTP Recording and Simultaneous Playing not supported on Phone State Action When RTP TransmittingSending RTP Stream was being sent using this voice Phone State Action When RTP Receiving Receiving RTP Examples Dialpad Passthrough for Objects New XML URI Variables Non-Blocking Action URIXML Web Applications Button XML Key Redirection Parameter Voicemail OptionExample Parameter Icom script For Options Menu on all phones and Services Menu on Options Key Redirection Options script Configuring the Off-Hook Interaction Feature XML Applications and Off-Hook Interaction XML URI for Key Press Simulation Feature Keys XML Key URI Description Volume KeyNavigation Keys For XML Post Messages Using XML Commands to Reset Local Data on the Phone XML Command Description Action URI Disconnected Feature Example Parameter Aastra Web UI Click on Advanced Settings-Action URI-Event Preferred Line Focus Feature User Interface FeaturesPhone Feature Preferred Line Focus Behavior Configuring Preferred Line Focus via the Configuration Files Range Example Configuring Preferred Line Focus via the Aastra Web UI Creating a Speeddial Key using the IP Phone UI Dialpad Speeddial Supported on All Phones For the 53i Creating a Speeddial Key using the Aastra Web UI Click on Operation-Keypad Speed Dial UTF- 8 Codec for Multi-National Language Support Addition of New Timezone and Country Codes Time Zone Country Code/Time Time Zone Code Zone Name Asserted-Identity PAI Support in Update message SIP FeaturesDtmf Tones in Info Requests Ignore Out of Sequence Errors Enabling/Disabling Out of Order SIP Requests SIP BLA Expires Timer Configuring SIP BLA Expirey Timer Using the Aastra Web UI Click on Advanced Settings-Global SIP-Advanced SIP Settings WatchDog Task Feature Troubleshooting FeaturesEnabling/Disable WatchDog Using the Configuration Files Enabling/Disable WatchDog Using the Aastra Web UI Enable/Disable WatchDog Task Issues Resolved in Release Issue Number Description of Fix Robustness Contacting Aastra Telecom Support Contacting Aastra Telecom Support Page Release Notes