400HD Series IP Phones
Administrator's Manual 202 Document #: LTRT-11950
Whenever the IP phone authenticates with a remote server, it can be authenticated using
these certificate files. Each IP phone receives a uniquely generated private key certificate file
based on its MAC address.
Note:
• If the remote server is configured to authenticate the client and AudioCodes
factory-set certificates are used for authentication, then the AudioCodes Certificate
and AudioCodes Trusted Root CA must be downloaded to the remote server. These
files can be downloaded from the AudioCodes Web site. For more information,
contact your local AudioCodes sales representative.
• If you use the AudioCodes Redirect server (see Section 10.2.7) to obtain firmware
and configuration files, then the factory-set certificates are used to authenticate the
connection with this server.
29.2 User-Generated Certificates
If an organizational certificate Infrastructure (PKI) is used, you may wish to instead use
certificates provided by your security administrator. You can define up to five additional
user-generated certificates, which can be configured to secure different types of connections
and paired with external Trusted Root CAs (see Section 29.3 0). The following remote server
connection types can be configured with user-generated certificates:
802.1x RADIUS server
SIP TLS server
HTTP/S Provisioning server
When user-generated certificates are loaded to the device to authenticate a specific
connection type, then this certificate is used to secure the connection with the assigned
connection type. For example, if you load Certificate A for connecting to an HTTPS
Provisioning server, then whenever there is an attempt by the phone to connect to a
Provisioning server, then the connection is authenticated using Certificate A.
Note:
• You can load one certificate for each connection type.
• If you do not load a certificate to support a specific connection type, then the
factory-set certificate is used to authenticate the connection. For example if you load
user-generated certificates to support Automatic Updates (Provisioning server) and
SIP TLS server connections, and there is an attempt by the phone to connect to a
RADIUS server, then this connection is authenticated using the AudioCodes
factory-set installed certificate.
• You can use the AudioCodes Trusted Root CA with a user-generated certificate.
• You can use the same certificate for different server connection types.
To Next Page
Loading...
