Aastra Telecom 41-001343-02 Manuel D’Utilisation
Operational, Basic, and Advanced Parameters
A-31
41-001343-02 REV04 – 05.2014
HTTPS Server Certificate Validation Settings
Parameter –
https block http post xml
https block http post xml
Configuration Files
aastra.cfg, <model>.cfg, <mac>.cfg
aastra.cfg, <model>.cfg, <mac>.cfg
Description
Enables or disables the blocking of XML scripts from HTTP POSTs.
Some client applications use HTTP POSTs to transfer XML scripts. The phones’s HTTP
server accepts these POSTs even if server redirection is enabled, effectively bypassing the
secure connection. When this parameter is enabled (blocking is enabled), receipt of an
HTTP POST containing an XML parameter header results in the following response:
“403 Forbidden”. This forces the client to direct the POSTs to the HTTPS server through
use of the “https://” URL.
server accepts these POSTs even if server redirection is enabled, effectively bypassing the
secure connection. When this parameter is enabled (blocking is enabled), receipt of an
HTTP POST containing an XML parameter header results in the following response:
“403 Forbidden”. This forces the client to direct the POSTs to the HTTPS server through
use of the “https://” URL.
Format
Boolean
Default Value
0 (disables blocking of XML HTTP POSTs)
Range
0 (disables blocking of XML HTTP POSTs)
1 (enables blocking of XML HTTP POSTs)
1 (enables blocking of XML HTTP POSTs)
Example
https block http post xml: 1
Parameter–
https validate certificates
https validate certificates
Configuration Files
aastra.cfg, <model>.cfg, <mac>.cfg
aastra.cfg, <model>.cfg, <mac>.cfg
Description
Enables or disables the HTTPS validation of certificates on the phone.
When this parameter is set to 1, the HTTPS client performs validation on SSL certificates
before accepting them.
When this parameter is set to 1, the HTTPS client performs validation on SSL certificates
before accepting them.
Notes:
• If you are using HTTPS as a configuration method, and use a self signed certificate, you
• If you are using HTTPS as a configuration method, and use a self signed certificate, you
must set this parameter to “0” (disabled) before upgrading to Release 2.3 of the IP
Phones.
Phones.
• Defining this parameter as "0" (disabled) significantly reduces security for the provision-
ing process to encryption only. Validation of the chain-of-trust (i.e. the originator of the
files) will not be performed if this feature is disabled. Therefore, disabling HTTPS valida-
tion of certificates is only recommended for troubleshooting purposes or when self-
signed certificates are in use.
files) will not be performed if this feature is disabled. Therefore, disabling HTTPS valida-
tion of certificates is only recommended for troubleshooting purposes or when self-
signed certificates are in use.
Format
Boolean
Default Value
1 (enabled)
Range
0 (disabled)
1 (enabled)
1 (enabled)
Example
https validate certificates: 0