Network Settings
4-36 41-001343-02 REV04 – 05.2014
HTTPS Server Certificate Validation
The HTTPS client on the IP Phones support validation of HTTPS certificates. This feature supports the following:
• Verisign, GeoTrust, Thawte, Comodo, Entrust, and CyberTrust signed certificates
• User-provided certificates
• Checking of hostnames
• SSL Wildcard certificate (i.e. SSL certificate specifying the Common Name as a wildcard [e.g. CN=*.company.com]) sup-
port.
• Checking of certificate expiration
• Ability to disable any or all of the validation steps
• Phone displays a message when a certificate is rejected (except on check-sync operations)
All validation options are enabled by default.
Certificate Management
Aastra Provided Certificates
The phones come with root certificates from Verisign, GeoTrust, Thawte, Comodo, Entrust, and CyberTrust pre-loaded.
User Provided Certificates
Aastra Web UI
1. Click on Advanced Settings->Network->HTTPS Settings.
2. Select an HTTPS client method to use from the HTTPS Client Method field. Valid values are:
• SSL 3.0 (default)
• TSL 1.0
3. Enable HTTP to HTTPS redirect by checking the HTTPS Server - Redirect HTTP to HTTPS field check box. (Disable this field by unchecking
the check box). Default is disabled.
4. Enable the blocking of XML HTTP POSTs by the HTTPS server by checking the HTTPS Server - Block XML HTTP POSTs field check box. (Dis-
able this field by unchecking the check box). Default is disabled.
5. Click Save Settings to save your settings.
Note:
The IP Phones do not support the transmission of HTTPS client certificates for validation by HTTPS servers. If the IP
Phone attempts to download files from an HTTPS server that requires a client certificate during a file download trans-
action, a “No Certificate” error will occur and be logged on the IP Phone (viewable under the Options->Phone Status
->Error Messages menu in the IP Phone UI or on the Troubleshooting page of the respective IP Phone’s Web UI).