Certificate validation, User interface, Configuring https server certificate validation – AASTRA 6700i series, 9143, 9480i, 9480i CT SIP Administrator Guide EN User Manual

4-46

41-001343-01 Rev 03, Release 3.2.2

Certificate Validation

Certificate validation is enabled by default. Validation occurs by checking that the certificates

are well formed and signed by one of the certificates in the trusted certificate set. It then checks

the expiration date on the certificate, and finally, compares the name in the certificate with the

address for which it was connected.

If any of these validation steps fail, the connection is rejected. Certificate validation is controlled

by three parameters which you can configure via the configuration files, the IP Phone UI, or the

Aastra Web UI:
• https validate certificates - Enables/disables validation
• https validate hostname - Enables/disables the checking of the certificate commonName

against the server name.

• https validate expires - Enables/disables the checking of the expiration date on the

certificate.

User Interface

Certificate Rejection

When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.

An Administrator can configure HTTPS Server Certificate Validation using the configuration

files, the IP Phone UI, or the Aastra Web UI.

Configuring HTTPS Server Certificate Validation

Use the following procedures to configure the HTTPS server certificate validation on

the IP phones.

Configuration Files

For specific parameters you can set in the configuration files, see Appendix A, the section,

“HTTPS Server

Certificate Validation Settings”

on

page A-38.

Aastra IP Phone UI

Step

Action

1

Press Options, and then select Administrator Menu.

2

Select Configuration Server.