Device certificate installation
A device certificate is a certificate used to prove the identity of the IP Deskphone to a server while
establishing various secure connections, such as TLS and HTTPS, between the IP Deskphone and
a server. Each device certificate is associated with a specific usage purpose. It is possible for one or
two device certificates to be installed on the IP Deskphone (for example, one for all TLS connections
and one for VPN). A Device Certificate Profile (DCP) allows for various combinations of sharing
device certificates among different applications. Within the DCP, you can identify one of more uses
(or purposes) for the device certificate associated with each profile, to provide a flexible model for
the sharing of device certificates among IP Deskphone applications.
The following sections describe the process used to install a device certificate on the IP Deskphone.
This process starts with defining a DCP for each device certificate that must be installed on the
IP Deskphone. See
Device certificate profiles on page 247.
The two methods used to install a device certificate on the IP Deskphone are:
• SCEP
• PKCS#12 download
SCEP is a protocol that allows the IP Deskphone to send a device certificate request to a CA server
based on a locally generated private key to provide more security for the private key (because the
private key is never transmitted, even in an encrypted form). See SCEP on page 252
PKCS#12 is an industry standard for exchanging certificate and private keys. A device certificatd
downloaded to the IP Deskphone in a PKCS#12 file contains the complete certificate including the
private key of the device certificate which is generated offline by a Certificate Authority (CA). The
PKCS#12 file is encrypted using password at the time of generation to protect the private key. See
PKCS 12 download on page 254.
For more information on defining a device certificate profile, see Device certificate profiles on
page 247.
Device certificate profiles
You can determine the method used to install a device certificate on the IP Deskphone. Each device
certificate installed on the IP Deskphone is attached to a Device Certificate Profile (DCP). The
configuration of the profiles allows you to determine the method used to install a device certificate
and provides you with some control over the device certificate attributes.
You can do the following:
• Specify the method used to obtain a device certificate for the IP Deskphone (SCEP or
PKCS#12).
• Specify the purpose of a device certificate; whether the certificate is used for EAP-TLS, or
HTTPS (for example, allow sharing of device certificates).
• Renew a device certificate obtained by SCEP.
• Customize attributes requested from a SCEP server such as the Distinguished Name (DN).
Device certificate installation
March 2015 SIP Software for Avaya 1200 Series IP Deskphones-Administration 247
Comments? infodev@avaya.com
To Next Page
Loading...
