Deployment Tool with TLS

Transferring a Server Key Material File

Pressing the View Certificates Button on a server key material file displays the Key Material File Dialogue.

The certificates contained in the file are shown on the left-side of the dia- logue. The details of the currently selected certificate are shown on the right-side.

After the key material has been transferred to the phone, it will be used by the phone to establish its next TLS connection to the Tool. To assist in avoiding potential problems, the Tool attempts to build and validate a cer- tificate chain from the file’s contents. The resulting chain, if any, is dis- played at the top of the left-side of the dialogue. If the Tool was able to validate the chain, the relevant trusted certificate, denoted by the Trusted Certificate Icon, is shown at the end of the chain. Note that this certificate is not present in the file itself, but resides in the Tool’s list of trusted certif- icates. Any additional certificates, which were present in the file but not used in the chain, are listed below.

If the Tool fails to build and validate a chain, an error message informs the user of one of two scenarios:

The Tool was unable to find a suitable end-entity certificate. This may mean that the certificates are all CA certificates. The Tool does not search for a particular end-entity subject DN.

The Tool does not trust the chain. This means that none of the certifi- cates in the chain were issued by any of the Tool’s trusted certificates. If the chain contains CA certificates, the user can decide to trust the highest CA certificate by selecting it, and pressing the “Trust Certifi- cate” button at the bottom of the dialogue. The certificate will be add- ed to the Tool’s list of trusted certificates, while still remaining in the file.

90

Page 90
Image 90
Siemens V1.2.33 manual Transferring a Server Key Material File