
Avaya IPBS2 - TLS Certificates

Avaya IPBS2
172 pages
IP Security
Avaya 374x DECT Telephones - User Guide 02/2016
33
TLS Certificates
Security in Web-based applications relies on cryptography. Cryptographic systems are only as
secure as their keys. This makes Key Management a critical and often neglected concern. TLS
Certificates have emerged as a clever way of managing large-scale key distribution.
Two certificate management tasks are needed for TLS:
1. Trust relationships, where the device must know which third parties (e.g. IP-PBX) it shall
trust, see 1. Trust Relationships.
2. Device certificates to authenticate the device against third parties, see 2. Certificate
Handling Options with Device Certificates.
1. Trust Relationships
Trust relationships are defined by a trust list in the device. The list contains the certificates to be
accepted by the device for TLS secured connections (e.g. HTTPS, SIPS).
For more information see Trust List on page 84.
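
The trust-list decision described above, reproduced with the OpenSSL command line as an added example (it is not taken from the Avaya manual and is not the device's own implementation). It assumes OpenSSL 1.1.0 or later; all file names, the CA name and the host name pbx.example.test are constructed. It shows that a CA-signed certificate is accepted when its CA is in the trust list, while a self-signed certificate is accepted only when that exact certificate is itself in the list.

```shell
#!/bin/sh
# Added example. All names, keys and certificates are constructed for the demo.
WORK=$(mktemp -d)

# Self-signed certificate (subject == issuer). $1 = file stem, $2 = common name
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Certificate signed by a private CA. $1 = file stem, $2 = common name, $3 = CA stem
make_ca_signed() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to an entry of trust list $1
# (openssl verify exits non-zero when no chain to the list can be built).
trusted() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

verdict() { if trusted "$1" "$2"; then echo accepted; else echo rejected; fi; }

make_self_signed ca "Example Enterprise CA"      # customer's own (private) CA
make_ca_signed pbx "pbx.example.test" ca         # peer certificate signed by that CA
make_self_signed selfsigned "pbx.example.test"   # same name, no CA behind it

cp "$WORK/ca.pem" "$WORK/trustlist.pem"          # trust list holds only the CA
cat "$WORK/ca.pem" "$WORK/selfsigned.pem" > "$WORK/pinned.pem"  # CA plus the pinned cert

echo "CA-signed, CA in trust list:       $(verdict trustlist pbx)"
echo "self-signed, not in trust list:    $(verdict trustlist selfsigned)"
echo "self-signed, itself in trust list: $(verdict pinned selfsigned)"
```

The second result is why a self-signed certificate gives the peer encryption but no assurance of identity unless that certificate has been placed in the trust list out of band.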
2. Certificate Handling Options with Device Certificates
There are three certificate handling options:
• Default Device certificate
  • The default certificate is supplied with the device. It is a self-signed certificate. Self-signed
    certificates provide only encryption, not authentication.
    For more information see Default Device Certificate on page 86.
• Self-signed certificates
  • This option is for customers not planning on having their certificates signed by public or
    private CAs. Self-signed certificates provide encryption but in most cases do not provide
    authentication.
    For more information see Self-signed Certificates on page 87.
• Certificates signed by a Certificate Authority (CA).
  Two options are possible:
  • A) Certificates signed by the customer’s own CA. Customers possessing the
    knowledge and infrastructure to house their own CA could build an internal enterprise
    CA, enabling them to sign (approve) their own certificate requests. This would make
    the customer a private CA.
  • B) Certificates signed by a trusted public third party entity/organization. There are only
    about a dozen issuers who have the authority to sign certificates for servers
    worldwide. An example is VeriSign. To use a public CA for certificate approvals the
    IP-DECT system would in most cases need to be connected to the Internet and hold a
