Https server certificate validation, Certificate management, Https – AASTRA 6700i series, 9143, 9480i, 9480i CT SIP Administrator Guide EN User Manual

41-001343-01 Rev 03, Release 3.2.2

4-45

HTTPS Server Certificate Validation

The HTTPS client on the IP Phones support validation of HTTPS certificates. This feature

supports the following:
• Verisign, GeoTrust, Thawte, Comodo, CyberTrust signed certificates
• User-provided certificates
• Checking of hostnames
• Checking of certificate expiration
• Ability to disable any or all of the validation steps
• Phone displays a message when a certificate is rejected (except on check-sync operations)

All validation options are enabled by default.

Certificate Management

Aastra Provided Certificates

The phones come with root certificates from Verisign, GeoTrust, Thawte, Comodo, and

CyberTrust pre-loaded.

User Provided Certificates

The administrator has the option to upload their own certificates onto the phone. The phone

downloads these certificates in a file of .PEM format during boot time after configuration

downloads. The user-provided certificates are saved on the phone between firmware upgrades but

are deleted during a factory default. The download of the User-provided certificates are based on a

filename specified in the configuration parameter, https user certificates (Trusted Certificates

Filename

in the Aastra Web UI; User-provided certificates are not configurable via the IP Phone

UI).

Note:

Certificates that are signed by providers other than Verisign,

GeoTrust or Thwate do not verify on the phone by default. The user can

overcome this by adding the root certificate of their certificate provider to

the use-provided certificate .PEM file.