Https server certificate validation, Certificate management – Aastra Telecom CT9143i User Manual

New Features in Release 2.3

RN-001029-02, Release 2.3, Rev 00

23

SIP IP Phone Models 9143i, 9480i, 9480i CT and 5i Series Phones Release Note 2.3

HTTPS Server Certificate Validation

The HTTPS client on the IP Phones now support validation of HTTPS certificates. This new
feature supports the following:

•

Verisign, GeoTrust, and Thawte signed certificates

•

User-provided certificates

•

Checking of hostnames

•

Checking of certificate expiration

•

Ability to disable any or all of the validation steps

•

Phone displays a message when a certificate is rejected (except on check-sync operations)

All validation options are enabled by default.

Certificate Management

Aastra Provided Certificates

The phone comes with root certificates from Verisign, GeoTrust, and Thawte pre-loaded.

User Provided Certificates

The administrator has the option to upload their own certificates onto the phone. The phone
downloads these certificates in a file of .PEM format during boot time after configuration
downloads. The user-provided certificates are saved on the phone between firmware upgrades but
are deleted during a factory default. The download of the User-provided certificates are based on a
filename specified in the configuration parameter, https user certificates (Trusted Certificates
Filename in the Aastra Web UI; User-provided certificates are not configurable via the IP Phone
UI).

Note:

Certificates that are signed by providers other than Verisign,

GeoTrust or Thwate do not verify on the phone by default. The user can
overcome this by adding the root certificate of their certificate provider to
the use-provided certificate .PEM file.