No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Administrator Guide

HUAWEI IP Phone 7920 and 7960 V600R006C00

Describes the deployment, configuration, and maintenance of HUAWEI IP Phone 7920/7960.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Multi-Certificate Support

Multi-Certificate Support

This section describes how to apply for, import, and view certificates.

Context

HUAWEI IP Phone 7920/7960 can apply for certificates from the certificate server in Proprietary Protocol mode. You can also import certificates on the phone web page. HUAWEI IP Phone 7920/7960 supports a maximum of ten root certificates and one device certificate.

  • A root certificate is used to verify the identity of other devices that interact with HUAWEI IP Phone 7920/7960.
  • A device certificate shows the identity of HUAWEI IP Phone 7920/7960 during phone authentication.
NOTE:
  • The root certificate of HUAWEI IP Phone 7920/7960 needs to be compatible with eSight and eSpace EMS; therefore, sha1 and RSA encryption algorithms are required for the root certificate.
  • The following encryption suites are supported:
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
  • If the existing root directory is to be updated, the file name of the new certificate must be the same as that of the certificate to be replaced.
  • To ensure the security of your IP phone, replace the root certificate and device certificate in time after installing your IP phone.
  • The phone system time must be within the certificate validity period. It is recommended that you configure the NTP server for time accuracy.

Applying for a Certificate Using the Proprietary Protocol

You can download a device certificate or root certificate in proprietary protocol mode using any of the methods described in the following table.

Table 5-12 Certificate download

Method

Details

eSight

When the IP phone fails to be authenticated using EAP-TLS for network access, it automatically obtains the new device certificate and key from the CA server.

DHCP Option 246

Upload the required certificate to the server, and deliver the certificate to the IP phone using DHCP Option 246.

Web

  1. On the phone web page, choose Advanced > Server and fill out the CA server address and port number on the page that is displayed.
    NOTE:

    The IP addresses of the active and standby CA servers can be obtained in SRV mode according to the CA server domain name.

  2. Choose Advanced > Certificates, select Proprietary Protocol, and click Apply for Certificate.

LCD

  1. Choose Apps > Advanced > Server > CA Server and fill out the CA server address and port number on the page that is displayed.
  2. Choose Apps > Advanced > Network > Apply for Certificate, select Proprietary Protocol, and click Obtain.

Importing a Certificate on the Web Page

On the phone web page, you can directly import the locally stored device certificate, root certificate, and device key to the IP phone.

  1. Log in to the phone web page as the admin user.
  2. Choose Advanced > Certificates.
  3. Import the locally stored root certificate, device certificate, device key and key password.
NOTE:
  • The root certificate, device certificate, device key and key password need to be imported orderly.
  • The file name cannot contain such characters as ; / ? : @ & # ' = + $ ,.

Viewing Root and Device Certificates

To view on the phone web page

  1. Log in to the phone web page as the admin user.
  2. Choose Advanced > Certificates.

    You can view the version, SN, issuer, owner, effective period (start date and end date), and key about the device certificate and root certificate on the Certificates page.

    The following built-in root certificates are provided in a phone when the phone is delivered from the factory:

    • Huawei Enterprise UC&C ProductLine CA
    • huawei_ca
    • Huawei Cloud Core Network Product CA
    • Symantec Class 3 Secure Server CA
    • ucems.huawei.com
    • VeriSign Class 3 Public Primary Certification Authority
    • www.example.com

You can delete a selected root certificate using the corresponding button on the phone web page.

NOTE:

After the IP phone is restored to factory settings, the built-in root certificate that has been deletedcan be restored.

To view on the phone LCD screen

You can choose Apps > Status > Certificates on the phone screen to view information about the device certificate and root certificate.

Translation
Download
Updated: 2019-03-06

Document ID: EDOC1100036652

Views: 21328

Downloads: 44

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next