However, you must not use identity certificates generated using SCEP when
FIPS_ENABLED is set to 0 when the phone is configured to work in FIPS mode. The most
secure way to install identity certificate is to clear any installed identity certificate and install
PKCS#12 file after configuring the phone to FIPS mode. Thereafter, FIPS 140-2 approved
cryptographic algorithms can be used to decrypt PKCS#12 file.
• SLA Mon.
• 802.1x with EAP-MD5 or EAP-PEAP authentication. EAP-TLS is allowed.
• WML Browser.
• Push.
• HTTPSRVR. You must use TLSSRVR for file downloading.
• HTTP in OCSP_URI or Authority Information Access (AIA) of a certificate. Ensure that the
URI in OCSP_URI or AIA of a certificate is HTTPS.
• Microsoft
™
Exchange
When you enable FIPS mode, the phone reboots and runs the OpenSSL FIPS self-test. When the
test is completed successfully, the phone displays the message FIPS mode activated,
restarting…. After reboot, FIPS mode is in effect. If the FIPS-mode self-test fails, the phone
displays the message FIPS self-test failure. In this case, the phone also displays two
options:
• Program: The phone prompts for a CRAFT password. After you enter the CRAFT password,
the phone boots up in non-FIPS mode.
• Reboot: The phone reboots.
Note:
All the logs are stored in SYSLOG. These logs might be referred to for the troubleshooting
purpose.
Security configurations
January 2020 Installing and Administering Avaya 9601/9608/9611G/9621G/9641G/9641GS IP
Deskphones SIP 50
Comments on this document? infodev@avaya.com
To Next Page
Loading...
