Aastra Telecom 41-001343-02 User Manual

Configuration Methods

2-8

41-001343-02 REV04 – 05.2014

Authentication Support for HTTP/HTTPS Download Methods for Broadsoft Client Management System (CMS)

The IP Phones have authentication support as referenced in RFC 2617 when using HTTP or HTTPS as download proto-
cols. If a 5i Series phone is challenged by an HTTP or HTTPS server when the server attempts to download the aastra.cfg
file, the phone automatically sends "aastra" as the default Username and Password back to the server. For more informa-
tion about this feature, see Chapter 5, the section,

“Authentication Support for HTTP/HTTPS Download Methods, used

with Broadsoft Client Management System (CMS)”

page 5-272

Using HTTPS via the Aastra Web UI

HTTPS is enabled by default on the IP phones. When you open a browser window and enter an IP address or host name
for a phone using HTTP, a server redirection occurs which automatically converts an HTTP connection to an HTTPS con-
nection. After the redirection, a “Security Alert” certificate window displays alerting the user that information exchanged
with the phone cannot be viewed or changed by others. Accepting the certificate then forwards you to the phone’s Web
UI.

Reference

For more information on configuring the HTTPS protocol, see Chapter 4, the sections:

•

“Configuring the Configuration Server Protocol”

page 4-87

•

“HTTPS Client/Server Configuration”

page 4-33

Notes:

• The private key and certificate generate outside the phone and embed in the phone firmware for use by the HTTPS

server during the SSL handshake.

• Using the configuration files, the IP phone UI, or the Aastra Web UI, you can configure the following regarding HTTPS:

- Specify HTTPS security client method to use (TLS 1.0 or SSL 3.0)
- Enable or disable HTTP to HTTPS server redirect function
- HTTPS server blocking of XML HTTP POSTS to the phone