Aastra Telecom 41-001343-02 IP Phone User Manual


 
Administrator Level Options
3-33 41-001343-02 REV04 – 05.2014
Cert Validation Validate Certificates https validate certificates Enables or disables the HTTPS validation of certificates on the
phone. When this parameter is set to 1, the HTTPS client per-
forms validation on SSL certificates before accepting them.
Notes:
If you are using HTTPS as a configuration method, and use a
self signed certificate, you must set this parameter to “0”
(disabled) before upgrading to Release 2.3 or later of the IP
Phones.
If you are using HTTPS and the certificates are not valid or
are not signed by Verisign, Thawte, or GeoTrust, Comodo,
Entrust, or CyberTrust, the phones fail to download config-
uration files.
Defining this parameter as "0" (disabled) significantly
reduces security for the provisioning process to encryption
only. Validation of the chain-of-trust (i.e. the originator of
the files) will not be performed if this feature is disabled.
Therefore, disabling HTTPS validation of certificates is only
recommended for troubleshooting purposes or when self-
signed certificates are in use.
For more information, see Chapter 4, “HTTPS Server Certifi-
cate Validation” on page4-36.
Check Expires Check Certificate Expira-
tion
https validate expires Enables or disables the HTTPS validation of the expiration of
the certificates. When this parameter is set to 1, the HTTPS cli-
ent verifies whether or not a certificate has expired prior to
accepting the certificate.
Note:
If the “https validate expires” parameter is set to enable, the
clock on the phone must be set for the phone to accept the
certificates.
For more information, see Chapter 4, “HTTPS Server Certifi-
cate Validation” on page4-36.
Check Hostnames Check Certificate Host-
names
https validate hostname Enables or disables the HTTPS validation of hostnames on the
phone.
For more information, see Chapter 4, “HTTPS Server Certifi-
cate Validation” on page4-36.
N/A Trusted Certificates
Filename
https user certificates Specifies a file name for a .PEM file located on the configura-
tion server. This file contains the User-provided certificates in
PEM format. These certificates are used to validate peer certif-
icates.
Note:
You must disable the “https validate certificates” parameter
in order for the phone to accept the User-provided certifi-
cates.
For more information, see Chapter 4, “HTTPS Server Certifi-
cate Validation” on page4-36.
Parameter In
IP Phone UI
Parameter in
Aastra Web UI
Parameters in Configuration
Files
Description