beautypg.com

Certificate validation, User interface – Aastra Telecom CT9143i User Manual

Page 28

background image

New Features in Release 2.3

24

RN-001029-02, Release 2.3, Rev 00

IP Phone Release Notes 2.3

Certificate Validation

Certificate validation is enabled by default. Validation occurs by checking that the certificates
are well formed and signed by one of the certificates in the trusted certificate set. It then checks
the expiration date on the certificate, and finally, compares the name in the certificate with the
address for which it was connected.

If any of these validation steps fail, the connection is rejected. Certificate validation is controlled
by three parameters which you can configure via the configuration files, the IP Phone UI, or the
Aastra Web UI:

https validate certificates - Enables/disables validation

https validate hostname - Enables/disables the checking of the certificate commonName
against the server name.

https validate expires - Enables/disables the checking of the expiration date on the
certificate.

User Interface

Certificate Rejection

When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.

Configuring HTTPS Server Certificate Validation via the Configuration Files

Use the following parameters to configure HTTPS server certificate validation for the IP Phones
using the configuration files.

Parameter

https validate certificates

Validate Certificates

(in Web UI)

Configuration Files

aastra.cfg, .cfg

IP Phone UI

Options->Administrator Menu->

Configuration Server->HTTPS Settings->

Cert Validation->Enable

Aastra Web UI

Advanced Settings->Network->HTTPS Settings

Description

Enables or disables the HTTPS validation of certificates on the phone.

When this parameter is set to 1, the HTTPS client performs validation on

SSL certificates before accepting them.

Note: If you are using HTTPS as a configuration method, and use a self
signed certificate, you must set this parameter to “0” (disabled) before
upgrading to Release 2.3 of the IP Phones.

Format

Boolean

Default Value

1 (enabled)

Range

0 (disabled)

1 (enabled)

Example

https validate certificates: 0

This manual is related to the following products:
See also other documents in the category Aastra Telecom Phones: