Customer root certificate download
The [USER_KEYS] section is added to 12xxSIP.cfg to allow the IP Deskphone to download a
customer root certificate from a provisioning server. The following is an example of the format for the
[USER_KEYS] section:
[USER_KEYS]
DOWNLOAD_MODE AUTO
PROTOCOL HTTPS
FILENAME custroot.pem
Security policy file
The security policy file defines a set of rules to determine the required actions taken by the
IP Deskphone. The following is an example of security policy file rules and default actions:
CERT_ADMIN_UI_ENABLE NO SECURITY_LOG_UI_ENABLE NO KEY_SIZE 1024
KEY_ALGORITHM KEY_ALG_RSA TLS_CIPHER RSA_WITH _AES_256_CBC_SHA
The format of the security policy file, as shown in the preceding example, is parameter-value paired.
The parameter name and value are separated by a space.
Diagnostic logs
All EAP failures are logged in the security log which include the following EAP error messages:
EAP_MD5_AUTH_FAILURE
0x1030
EAP_INVALID_DEVICE_CERTIFICATE 0x1031
EAP_INVALID_ROOT_CERTIFICATE 0x1032
EAP_TLS_AUTH_FAILURE 0x1033
EAP_PEAP_AUTH_FAILURE 0x1034
The following is a list of certificate-related events and failures logged in the Security Log.
SLC_AVAYA_CERTIFICATE_IMPORTED
0x0006
SLC_SERVICE_PROVIDER_CERTIFICATE_IMPORTED 0x0007
SLC_AVAYA_CERTIFICATE_REVOKED 0x0008
SLC_SERVICE_PROVIDER_CERTIFICATE_REVOKED 0x0009
SLC_AVAYA_CERTIFICATE_EXPIRED 0x000A
SLC_SERVICE_PROVIDER_CERTIFICATE_EXPIRED 0x000B
Table continues…
Certificate-based authentication
278 SIP Software for Avaya 1200 Series IP Deskphones-Administration March 2015
Comments? infodev@avaya.com
To Next Page
Loading...
