Aastra Telecom 41-001343-02 IP Phone User Manual


 
Network Settings
41-001343-02 REV04 – 05.2014 4-37
The administrator has the option to upload their own certificates onto the phone. The phone downloads these certificates
in a .PEM file at boot time, after the configuration downloads. The user-provided certificates are saved on the
phone between firmware upgrades but are deleted during a factory default. The download of the user-provided
certificates is based on a filename specified in the configuration parameter, https user certificates (Trusted Certificates
Filename in the Aastra Web UI; user-provided certificates are not configurable via the IP Phone UI).
Certificate Validation
Certificate validation is enabled by default. The phone validates a certificate by checking that it is well formed and signed
by one of the certificates in the trusted certificate set. It then checks the expiration date on the certificate and, finally,
compares the name in the certificate with the address to which it connected.
If any of these validation steps fails, the connection is rejected. Certificate validation is controlled by three parameters,
which you can configure via the configuration files, the IP Phone UI, or the Aastra Web UI:
https validate certificates - Enables/disables validation.
https validate hostname - Enables/disables the checking of the certificate commonName against the server name.
https validate expires - Enables/disables the checking of the expiration date on the certificate.
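An added example, not part of the Aastra manual: a Python check that scans a phone configuration file for the three validation parameters above and reports any that have been switched off, leaving unset parameters at the firmware default. It assumes a `parameter: value` file syntax with `0`/`1` values and `#` comments; the sample configuration and the file name `trusted_roots.pem` are constructed.

```python
import re

# Parameter names as printed in the manual.
VALIDATION_PARAMS = (
    "https validate certificates",
    "https validate hostname",
    "https validate expires",
)
TRUST_PARAM = "https user certificates"
# Assumed syntax: "parameter: value", "#" starts a comment, 0 = off, 1 = on.
LINE_RE = re.compile(r"^\s*([^#:]+?)\s*:\s*(.*?)\s*$")

# Constructed sample, not taken from a real deployment.
SAMPLE_CFG = """\
https validate certificates: 1
https validate hostname: 0      # left off after a lab test
https validate expires: 1
https user certificates: trusted_roots.pem
"""


def parse_config(text):
    """Return {parameter: value}; a repeated parameter keeps its last value (assumed)."""
    settings = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.split("#", 1)[0])
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def audit(text):
    """Return findings for one configuration file; an empty list means nothing to flag."""
    settings = parse_config(text)
    findings = []
    for name in VALIDATION_PARAMS:
        value = settings.get(name)
        if value == "0":
            findings.append(f"DISABLED: {name}")
        elif value not in (None, "1"):
            findings.append(f"UNRECOGNISED VALUE: {name} = {value!r}")
    if not settings.get(TRUST_PARAM):
        findings.append(f"NOTE: {TRUST_PARAM} not set, no user-provided roots")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```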
User Interface
Certificate Rejection
When the phone rejects a certificate, it displays "Bad Certificate" on the LCD.
Note:
Certificates that are signed by providers other than Verisign, GeoTrust or Thawte do not verify on the phone by default.
The user can overcome this by adding the root certificate of their certificate provider to the user-provided certificate
.PEM file.