Deployment Tool with TLS

Installing the Deployment Tool

After a first installation, the Deployment Tool will automatically be config- ured with trusted certificates and a subject DN that match the phone’s de- fault key material. No configuration should be necessary until the phone’s key material is changed, by transferring new key material over the XML management interface.

On reinstalling the Deployment Tool over an existing installation, the user is prompted whether or not to replace the file “.keystore”. This is the list of CA certificates trusted by the Tool. The user can retain any changes made to the list, or revert to the default list.

If the user wishes to revert to the default subject DN, delete the line “Tar- getSubjectDN=…” from the file “DeploymentTool.props” in the Tool’s in- stallation directory.

TLS Handshake Failure

If the TLS handshake to a phone fails because the certificate chain received by the phone cannot be validated, the Operations Pane automatically pre- sents diagnostic information in the Handshake Failure Dialogue.

The left-side of the dialogue shows the certificates received from the phone. For validation, the Tool attempts to form a chain from these certifi- cates. The resulting chain, if any, is shown at the top of the left-side.

A list of additional certificates, which were received but could not be fitted into the chain, is shown underneath. The right-side of the dialogue shows the details of the currently-selected certificate.

87

Page 87
Image 87
Siemens V1.2.33 manual Installing the Deployment Tool, TLS Handshake Failure