➢ EXP1024-DHE-DSS-RC4-SHA
➢ EXP1024-RC4-SHA
➢ EXP1024-RC4-MD5
➢ EXP-EDH-RSA-DES-CBC-SHA
➢ EXP-EDH-DSS-DES-CBC-SHA
➢ EXP-DES-CBC-SHA
➢ EXP-RC2-CBC-MD5
➢ EXP-RC4-MD5
➢ ECDHE
The IP phone can serve as a TLS client or a TLS server. In TLS feature, we use the terms trusted
and server certificate. These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
➢ Trusted Certificate: When the IP phone requests a TLS connection with a server, the IP
phone should verify the certificate sent by the server to decide whether it is trusted based
on the trusted certificates list. The IP phone has 58 built-in trusted certificates. You can
upload 10 custom certificates at most. The format of the trusted certificate files must be
*.pem,*.cer,*.crt and *.der and the maximum file size is 5MB.
➢ Server Certificate: When clients request a TLS connection with the IP phone, the IP phone
sends the server certificate to the clients for authentication. The IP phone has two types of
built-in server certificates: a unique server certificate and a custom server certificate. You
can only upload one server certificate to the IP phone. The old server certificate will be
overridden by the new one. The format of the server certificate files must be *.p12 and *.pfx
and the maximum file size is 5MB.
➢ A unique server certificate: It is unique to an IP phone (based on the MAC address) and
issued by the ALE Certificate Authority (CA).
➢ A custom server certificate: User can upload the custom certificate for authentication.
The IP phone can authenticate the server certificate based on the trusted certificates list. The
trusted certificates list and the server certificates list contain the default and custom certificates.
Common Name Validation feature enables the IP phone to mandatorily validate the common name
of the certificate sent by the connecting server. The Security verification rules are compliant with
RFC 2818.
Topic
Supported Trusted Certificates
Halo series phones trust the following CAs by default:
➢ entrust_g2_ca.pem
➢ CybertrustPublicSureServerSVCA.pem
➢ SFSRootCAG2.pem
➢ GeoTrust_Primary_CA_G2_ECC.pem
➢ AddTrustExternalCARoot.pem
➢ comodosslca.pem
➢ DigiCertHighAssuranceEVRootCA.pem
➢ GeoTrust_Global_CA.pem
➢ thawte_Primary_Root_CA.pem
➢ DSTRootCAX3.pem
➢ DigiCert_Global_Root_CA.pem
➢ letsencryptauthorityx2.pem
To Next Page
Loading...
