Teo IPTelephone Network User Manual
Page 66
Teo IP Telephone Network Administration Guide
Page 66
13-280132 Rev. Q
U
U
s
s
i
i
n
n
g
g
O
O
n
n
l
l
i
i
n
n
e
e
C
C
e
e
r
r
t
t
i
i
f
f
i
i
c
c
a
a
t
t
e
e
S
S
t
t
a
a
t
t
u
u
s
s
P
P
r
r
o
o
t
t
o
o
c
c
o
o
l
l
(
(
O
O
S
S
C
C
P
P
)
)
t
t
o
o
V
V
e
e
r
r
i
i
f
f
y
y
C
C
e
e
r
r
t
t
i
i
f
f
i
i
c
c
a
a
t
t
e
e
s
s
OSCP is an optional method of further checking the validity of the certificate sent by the
server to the phone. It checks online with other servers for certificate revocation status.
XML Tag
Data / Description
<ocsp_enable>
ON
</ocsp_enable>
Enables the Online Certificate Service Protocol
(OCSP) to check for revoked certificates during a TLS
connection between the phone and the SIP Proxy
server.
<ocsp_url>
URL
</ocsp_url>
This setting provides the URL to the OCSP responder
and is the –url argument to the OpenSSL OCSP
command. Both HTTP and HTTPS URLs can be
specified.
<ocsp_issuer_cert>
filename
</ocsp_issuer_cert>
This .pem file contains the current OSCP issuer
certificate; it is located in the same location as the
configuration files.
filename includes the full path specification, and can
be up to 250 characters.
<ocsp_va_cert>
filename
</ocsp_va_cert>
This .pem file contains explicitly-trusted responder
certificates. This option must be provided if the
certificates are self-signed. This file is located in the
same location as the configuration files.
filename includes the full path specification, and can
be up to 250 characters.
<ocsp_signer_cert>
filename
</ocsp_signer_cert>
Sign the OCSP request using the OCSPD certificate
specified in the oscp_signer_cert file and the key
specified in the oscp_signer_key file.
If neither option is present, then the OCSP request is
not signed. These files are located in the same
location as the configuration files.
filename includes the full path specification, and can
be up to 250 characters.
<ocsp_signer_key>
filename
</ocsp_signer_key>