Operational, Basic, and Advanced Parameters
41-001343-02 REV04 – 05.2014 A-90
Parameter –
sips root and intermediate
certificates
Configuration Files
aastra.cfg, <model>.cfg, <mac>.cfg
Description Allows you to specify the SIP Root and Intermediate Certificate files to use when the phone
uses the TLS transport protocol to setup a call.
The Root and Intermediate Certificate files contain one root certificate and zero or more
intermediate certificates which must be placed in order of certificate signing with root cer-
tificate being the first in the file. If the local certificate is signed by some well known certif-
icate authority, then that authority provides the user with the Root and Intermediate Cer-
tificate files (most likely just CA root certificate).
This parameter is required when configuring TLS (optional for Persistent TLS.)
You can use this parameter in three ways:
• To download no certificates
• To download a certificate from the original configuration server
• To download a certificate from another specified server
To download a specific file, the string value MUST HAVE A FILENAME at the end of the
string. For example:
sips root and intermediate certificates: ftp://admin:admin!@1.2.3.4:50/path/phonesRoot-
Cert.pem
where “path” is the directory and “phonesRootCert.pem” is the filename. If you do not
specify a filename, the download fails.
See examples for each below.
Note:
The certificate files must use the format “.pem”. To create custom certificate files to use on
your IP phone, contact Aastra Technical Support.
Format <filename>.pem
Default Value Not Applicable
Range Not Applicable
Example The following example downloads no root and intermediate certificate file:
sips root and intermediate certificates:
The following example downloads the root and intermediate certificate file from the orig-
inal configuration server.
sips root and intermediate certificates: phonesRootCert.pem
The following example uses FTP to download the firmware file “phonesRootCert.pem”
(root and intermediate certificate file) from the “path” directory on server 1.2.3.4 using
port 50.
sips root and intermediate certificates: ftp://admin:admin!@1.2.3.4:50/path/phonesRoot-
Cert.pem