Mitel Deutschland GmbH 68635RFP36U-01 Manuale Utente
SIP-DECT OM System Manual
320
Certificate server
Optionally is also an automatic import of Trusted, Local Certificates and a Private Key files from an
external server possible. This can be configured on the “Certificate Server” tab.
Optionally is also an automatic import of Trusted, Local Certificates and a Private Key files from an
external server possible. This can be configured on the “Certificate Server” tab.
The following parameters allow an automatic import:
•
Active: Enable or disable the automatic import.
•
Protocol: Selects the preferred protocol (FTP, TFTP, FTPS, HTTP, HTTPS, SFTP)
•
Server: IP address or name of the server
•
User Name / Password / Password confirmation: The server account data if necessary.
•
Path: The path on the server to certificate files.
•
Trusted certificate file: The name of the PEM file on the given server including the trusted
certificates.
•
Local certificate file: The name of the PEM file on the given server including the local certificate or a
certificate chain.
•
Private key file: The name of the PEM file on the given server including the local key.
7.31.1 CERTIFICATES
The use of “TLS” or “Persistent TLS” requires the import of certificates to become operational.
Item
When Needed
Setting
Trusted
Certificates
Certificates
For TLS and Persistent
TLS
TLS
A PEM file with a list of all (self-signed) CA
certificates needed to verify remote certificates. May
also contain trusted intermediate certificates instead
of or in addition to self-signed certificates
certificates needed to verify remote certificates. May
also contain trusted intermediate certificates instead
of or in addition to self-signed certificates
In many cases there is only one certificate in this list:
The self-signed certificate which is used by the SIP
proxy and registrar or which was used to sign that
certificate.
The self-signed certificate which is used by the SIP
proxy and registrar or which was used to sign that
certificate.
Local
Certificate
Certificate
For TLS: Always
For Persistent TLS: Only
if the server verifies the
client certificate
if the server verifies the
client certificate
A PEM file with the OMM’s certificate chain
Private Key
A PEM file with the OMM’s private key
All certificates and keys must be provided as X.509 certificates in PEM file format. They must use the
RSA algorithm for their keys and signatures and MD5 or SHA-1 for their hashes.
RSA algorithm for their keys and signatures and MD5 or SHA-1 for their hashes.
Although PEM files usually contain a textual description of the certificate, only the Base64-encoded
portions between
portions between
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----