Aastra Telecom 9480i Series User Manual

41-001160-03, Rev 00, Releaes 2.4

4-45

Configuring Network and Session Initiation Protocol (SIP) Features

Certificate validation is enabled by default. Validation occurs by checking that the 
certificates are well formed and signed by one of the certificates in the trusted 
certificate set. It then checks the expiration date on the certificate, and finally, 
compares the name in the certificate with the address for which it was connected.

If any of these validation steps fail, the connection is rejected. Certificate 
validation is controlled by three parameters which you can configure via the 
configuration files, the IP Phone UI, or the Aastra Web UI:

•

https validate certificates - Enables/disables validation

•

https validate hostname - Enables/disables the checking of the certificate 
commonName against the server name.

•

https validate expires - Enables/disables the checking of the expiration date 
on the certificate.

When the phone rejects a certificate, it displays, "Bad Certificate" on the LCD.

An Administrator can configure HTTPS Server Certificate Validation using the 
configuration files, the IP Phone UI, or the Aastra Web UI.

Use the following procedures to configure the HTTPS server certificate 
validation on the IP phones.

For specific parameters you can set in the configuration files, see Appendix A, the section, 

page A-35.

Draft 1