Https server certificate validation, Certificate management, Https server certificate – Aastra Telecom 9480i Series User Manual

Network Settings

4-44

41-001160-03, Rev 00, Releaes 2.4

IP Phone Administrator Guide

HTTPS Server Certificate Validation

The HTTPS client on the IP Phones support validation of HTTPS certificates.
This feature supports the following:

•

Verisign, GeoTrust, and Thawte signed certificates

•

User-provided certificates

•

Checking of hostnames

•

Checking of certificate expiration

•

Ability to disable any or all of the validation steps

•

Phone displays a message when a certificate is rejected (except on check-sync
operations)

All validation options are enabled by default.

Certificate Management

Aastra Provided Certificates

The phones come with root certificates from Verisign, GeoTrust, and Thawte
pre-loaded.

User Provided Certificates

The administrator has the option to upload their own certificates onto the phone.
The phone downloads these certificates in a file of .PEM format during boot time
after configuration downloads. The user-provided certificates are saved on the
phone between firmware upgrades but are deleted during a factory default. The
download of the User-provided certificates are based on a filename specified in
the configuration parameter, https user certificates (Trusted Certificates
Filename in the Aastra Web UI; User-provided certificates are not configurable
via the IP Phone UI).

Note:

Certificates that are signed by providers other than Verisign,

GeoTrust or Thwate do not verify on the phone by default. The user can
overcome this by adding the root certificate of their certificate provider to
the use-provided certificate .PEM file.

Draft 1