Teo IPTelephone Network User Manual
Page 35
Security Guidelines
13-280132 Rev. Q
Page 35
Security Settings
XML Tag
Data / Description
<ocsp_va_cert>
filename.pem
</ocsp_va_cert>
The file that contains explicitly-trusted responder
certificates.
This option must be provided if the certificates are
self-signed.
filename includes the full path specification, and can
be up to 250 characters.
<ocsp_signer_cert>
filename.pem
</ocsp_signer_cert>
The file that contains the certificate used to sign the
OCSP request.
If ocsp_signer_key is not present, the private key is
read from this file. If neither option is present, then
the OCSP request is not signed.
filename includes the full path specification, and can
be up to 250 characters.
<ocsp_signer_key>
filename.pem
</ocsp_signer_key>
The file that contains the key used to sign the OCSP
request.
If this file is not present, the private key is read from
ocsp_signer_cert. If neither option is present, then the
OCSP request is not signed.
filename includes the full path specification, and can
be up to 250 characters.
<cert_private_phone>
filename.pem
</cert_private_phone>
The file that contains the certificate and private key
for the phone. The server must have the certificate
and public key in order to validate the phone.
filename includes the full path specification, and can
be up to 250 characters.
<cert_trusted_ca_list>
filename.pem
</cert_trusted_ca_list>
The file that contains a list of trusted certificate
authorities.
filename includes the full path specification, and can
be up to 250 characters.
<tls_require_cert>
ON/OFF
</tls_require_cert>
Determines whether a valid certificate is required for
a TLS connection. If set to OFF, the phone will accept
any certificate from the server as valid.
ON
OFF (default)
Important Note: This tag must reside in the XML file
AFTER the following tags:
<cert_private_phone>, <cert_trusted_ca_list>,
<ocsp_issuer_cert>, <ocsp_va_cert>,
<ocsp_signer_cert> and <ocsp_signer_key>.