No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 09

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Certificate Authority

Managing Certificate Authority

A terminal can connect to the safe work area only after obtaining a certificate issued by the CA center. The certificate authority management can import certificates in batches to facilitate terminal certificate authority management.

Prerequisites

  • SNs of IP phones for whom certificates are applied have been obtained.
  • For Workplace soft terminals for which certificates are to apply, you need to obtain the account for logging in to the Workplace soft terminal in advance. The account for logging in to the soft terminal is imported to eSight as an SN.

Context

The differences between the certificate issued by the CA center and the certificate in eSight certificate management are as follows:

  • The certificate issued by the CA center is used to check whether a terminal is valid and can connect to the safe work area.
  • The certificate in eSight certificate management is used to perform authentication on a terminal, check whether the terminal can connect to eSight, and check whether the terminal can download configuration files from the file server of eSight.

The certificate authority management supports only eSpace 79 series IP phones with the version V100R001C30SPC100B016 or later, eSpace 8950 IP phones with all versions, and Workplace-series soft terminals.

The default certificate configured for an IP phone or Workplace-series soft terminal before factory delivery cannot pass the authentication of the CA center. Therefore, the certificate cannot be directly downloaded. The eSight certificate authority management, functioning as the CA center agent, applies to the CA center for certificates for terminals. The certificate authority management can also apply for certificates for terminals in batches, facilitating the management of a large number of terminals.

The certificate authority management allows a maximum of 150 terminals to apply for certificates at the same time. The terminals that exceed the maximum automatically wait in a queue.

eSight manages IP phones using the HTTPS protocol by default. To use the certificate function, you must manually modify the related files in the eSight installation directory. For details, see Configuring HTTP Access Parameters.

Procedure

  1. Choose Resource > Collaboration > Collaboration Management > Terminal Device Management from the main menu.

  2. In the navigation tree on the left, choose Terminal Device Management > System Configuration and set URL parameters under CA Center URL Configuration.

    • In NDES URL, enter the URL of the NDES service in the CA center.
    • In CRL URL, enter the URL of the CRL service in the CA center.
      NOTE:

      Obtain the preceding URLs from onsite engineers.

    • Enter the user name and password for logging in to the CA center in User Name and Password respectively.
    • Decide whether to select Use Challenge Password based on the configuration of the CA center.

      If Use Challenge Password is selected, enter the URL used for obtaining the challenge password from the CA center in Admin URL.

    Click OK.

  3. Configure the automatic certificate deletion function.

    After the automatic certificate deletion function is enabled, eSight automatically deletes a certificate after it is downloaded by a terminal, improving security of the terminal certificate. You can determine whether to enable this function based on site requirement.

  4. In the navigation tree on the left, choose Terminal Device Management > Certificate Management > 802.1x Certificate Application.
  5. Import SNs of terminals.

    Fill in the SNs of all terminals onsite in a .txt file, save the file, and import the SNs from the .txt file to eSight.

    1. Enter the SNs of all terminals onsite in a .txt file and save the file.
      NOTE:

      Ensure that the SN of each terminal is in a single line.

    2. In the Import IP Phone SN area, click, and select the .txt file storing terminal SNs.
    3. Click Import.

      The IP Phone SN List displays the SNs of the terminals for whom certificates are to be applied.

      When terminal SNs are imported, eSight automatically applies to the CA center for certificates.

  6. Update the terminal certificate.

    The status of a terminal certificate can be:

    • waiting for apply: indicates that the SN of a terminal is waiting in a queue for eSight to apply to the CA center for a certificate.
    • normal: indicates that a certificate has been successfully applied from the CA center.
    • apply fail: indicates that eSight fails to apply to the CA center for a certificate.

      Ensure that the value of CA Center Configure is correct and click Update to refresh the status.

    • revoked: indicates that the certificate for a terminal (with a specific SN) has been revoked by the CA center because of a security threat such as private key disclosure. eSight obtains the certificate revoke list from the CA center and displays Status of the terminal as revoked in the certificate revoke list.

      To apply a certificate for the terminal again, select the SN of the terminal and click Update.

    • Deleted: A certificate is in Deleted state in either of the following situation:
      • After the automatic certificate deletion function is enabled, eSight automatically deletes a certificate after it is downloaded by a terminal.
      • You have deleted a certificate by clicking Delete Certificate after selecting the certificate.

Download
Updated: 2019-05-17

Document ID: EDOC1100011877

Views: 285298

Downloads: 550

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next