• SUBJ_ALT_NAME_CHECK_ENABLE checks the Subject Alternative Attribute in the
presented certificate. The acceptable values are YES and NO. The default value is NO.
• CERT_EXPIRE sets the certificate expiration policy. The acceptable values are:
- DELETE_CERT
- LOG_EXPIRE
- NO_EXPIRE_LOG
• DWNLD_CFG_ACCEPT defines how TFTP configuration authenticates when there are no
customer certificates on the phone. The default value is VAL_ACCEPT. The acceptable values
are:
- VAL_ACCEPT
- VAL_MANUAL_A
- VAL_MANUAL_B
• DWNLD_CFG_SIGNING defines whether configuration files must be signed when a customer
certificate is installed. The default is NO. The acceptable values are:
- NO - automatically accept the downloaded file without authentication
- YES - file must be signed and fully authenticated
Changes made to the security policy file are recorded as an entry in the security log file:
SECURITY_POLICY_PARAM_CHANGE 0x1055
The security log file stores only non-sensitive information. For example, if the password is
changed, the security log file indicates this change without storing the password value.
You can use the securitypolicy command in the PDT shell to view the security policy.
The following is the output of the securitypolicy command from the PDT shell.
-> securitypolicy
CUST_CERT_ACCEPT = VAL_MANUAL_A
SEC_POLICY_ACCEPT = VAL_MANUAL_A
SIGN_SIP_CONFIG_FILES = NO
CERT_EXPIRE = DELETE_CERT
SEC_POLICY_TEXT = YES
AUTO_PRV_ACCEPT = VAL_ACCEPT
DWNLD_CFG_ACCEPT = VAL_ACCEPT
AUTO_PRV_SIGNING = NO
DWNLD_CFG_SIGNING = NO
CERT_ADMIN_UI_ENABLE = YES
SECURITY_LOG_UI_ENABLE = YES
KEY_SIZE = KEY_SIZE_1024
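
The following is an added example, not part of the Avaya documentation: Python that parses captured securitypolicy output, validates the four parameters whose acceptable values are listed above, applies the documented defaults for parameters missing from the output, and flags weak settings. The WEAK baseline, the function names, and the reading of KEY_SIZE_1024 as a 1024-bit key are assumptions of this example.

```python
import re

# Acceptable values as listed on this page; other parameters are not validated.
ALLOWED = {
    "SUBJ_ALT_NAME_CHECK_ENABLE": {"YES", "NO"},
    "CERT_EXPIRE": {"DELETE_CERT", "LOG_EXPIRE", "NO_EXPIRE_LOG"},
    "DWNLD_CFG_ACCEPT": {"VAL_ACCEPT", "VAL_MANUAL_A", "VAL_MANUAL_B"},
    "DWNLD_CFG_SIGNING": {"YES", "NO"},
}
# Defaults stated on this page, used when the output omits the parameter.
DEFAULTS = {"SUBJ_ALT_NAME_CHECK_ENABLE": "NO",
            "DWNLD_CFG_ACCEPT": "VAL_ACCEPT", "DWNLD_CFG_SIGNING": "NO"}
# Auditor's baseline (an assumption of this example, not vendor guidance).
WEAK = {
    ("DWNLD_CFG_SIGNING", "NO"): "downloaded file accepted without authentication",
    ("SUBJ_ALT_NAME_CHECK_ENABLE", "NO"): "Subject Alternative Attribute not checked",
    ("KEY_SIZE", "KEY_SIZE_1024"): "assumed 1024-bit key, below current guidance",
}
LINE = re.compile(r"^\s*([A-Z0-9_]+)\s*=\s*(\S+)\s*$")

def parse_policy(text):
    """Return {parameter: value}; the '-> securitypolicy' prompt line is skipped."""
    return dict(m.groups() for m in map(LINE.match, text.splitlines()) if m)

def audit(text):
    """Return sorted (parameter, value, finding) tuples for invalid or weak values."""
    policy = {**DEFAULTS, **parse_policy(text)}
    findings = []
    for name, value in policy.items():
        if name in ALLOWED and value not in ALLOWED[name]:
            findings.append((name, value, "value not in documented list"))
        elif (name, value) in WEAK:
            findings.append((name, value, WEAK[(name, value)]))
    return sorted(findings)

# Excerpt of the securitypolicy output shown above.
SAMPLE = """-> securitypolicy
CUST_CERT_ACCEPT = VAL_MANUAL_A
CERT_EXPIRE = DELETE_CERT
DWNLD_CFG_ACCEPT = VAL_ACCEPT
DWNLD_CFG_SIGNING = NO
KEY_SIZE = KEY_SIZE_1024
"""

if __name__ == "__main__":
    for name, value, finding in audit(SAMPLE):
        print(f"{name} = {value}: {finding}")
```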
Security policy file updates
March 2015 SIP Software for Avaya 1200 Series IP Deskphones-Administration 273