No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Operation Guide 08

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Certificate Authority

Managing Certificate Authority

A terminal can connect to the safe work area only after obtaining a certificate issued by the CA center. The certificate authority management can import certificates in batches to facilitate terminal certificate authority management.

Prerequisites

  • For IP phones and CloudLink hard terminals for which certificates are to be applied, you need to obtain the SN number in advance.
  • For Workplace-series soft terminals and CloudLink soft terminals for which certificates are to apply, you need to obtain the account for logging in to the Workplace-series soft terminals and CloudLink soft terminal in advance. The account for logging in to the soft terminal is imported to eSight as an SN.

Context

The differences between the certificate issued by the CA center and the certificate in eSight certificate management are as follows:

  • The certificate issued by the CA center is used to check whether a terminal is valid and can connect to the safe work area.
  • The certificate in eSight certificate management is used to perform authentication on a terminal, check whether the terminal can connect to eSight, and check whether the terminal can download configuration files from the file server of eSight.

The certificate authority management supports only eSpace 79 series IP phones of V100R001C30SPC100B016 or later versions, eSpace 8950 IP phones of all versions, and CloudLink soft and hard terminals, and Workplace-series soft terminals.

The default certificate configured for an IP phone, CloudLink soft/hard terminal, or Workplace-series soft terminal before factory delivery cannot pass the authentication of the CA center. Therefore, the certificate cannot be directly downloaded. The eSight certificate authority management, functioning as the CA center agent, applies to the CA center for certificates for terminals. The certificate authority management can also apply for certificates for terminals in batches, facilitating the management of a large number of terminals.

The certificate authority management allows a maximum of 150 terminals to apply for certificates at the same time. The terminals that exceed the maximum automatically wait in a queue.

eSight manages IP phones using the HTTPS protocol by default. To use the certificate function, you must manually modify the related files in the eSight installation directory. For details, see Configuring HTTP Access Parameters.

Procedure

  1. Choose Resource > Collaboration Resource from the main menu.
  2. In the navigation tree on the left, choose Terminal Device Management > System Configuration and set URL parameters under CA Center URL Configuration.

    • In NDES URL, enter the URL of the NDES service in the CA center.
    • In CRL URL, enter the URL of the CRL service in the CA center.
      NOTE:

      Obtain the preceding URLs from onsite engineers.

    • Enter the user name and password for logging in to the CA center in User Name and Password respectively.
    • Decide whether to select Use Challenge Password based on the configuration of the CA center.

      If Use Challenge Password is selected, enter the URL used for obtaining the challenge password from the CA center in Admin URL.

    Click OK.

  3. Configure the automatic certificate deletion function.

    After the automatic certificate deletion function is enabled, eSight automatically deletes a certificate after it is downloaded by a terminal, improving security of the terminal certificate. You can determine whether to enable this function based on site requirement.

  4. In the navigation tree on the left, choose Terminal Device Management > Certificate Management > 802.1x Certificate Application.
  5. Import the terminal SN.

    Fill in the SNs of all terminals onsite in a .txt file, save the file, and import the SNs from the .txt file to eSight.

    1. Enter the SNs of all terminals onsite in a .txt file and save the file.
      NOTE:

      Ensure that the SN of each terminal is in a single line.

    2. In the Import Terminal SN area, click , and select the .txt file storing terminal SNs.
    3. Click Import.

      The Terminal SN List displays the SNs of the terminals for which certificates are to be applied.

      When terminal SNs are imported, eSight automatically applies to the CA center for certificates.

  6. Update the terminal certificate.

    The status of an IP phone certificate can be:

    • waiting for apply: indicates that the SN of an IP phone is waiting in a queue for eSight to apply to the CA center for a certificate.
    • normal: indicates that a certificate has been successfully applied from the CA center.
    • apply fail: indicates that eSight fails to apply to the CA center for a certificate.

      Ensure that the value of CA Center Configure is correct and click Update to refresh the status.

    • revoked: indicates that the certificate for a terminal (with a specific SN) has been revoked by the CA center because of a security threat such as private key disclosure. eSight obtains the certificate revoke list from the CA center and displays Status of the IP phone as revoked in the certificate revoke list.

      To apply a certificate for the terminal again, select the SN of the terminal and click Update.

    • Deleted: A certificate is in Deleted state in either of the following situation:
      • After the automatic certificate deletion function is enabled, eSight automatically deletes a certificate after it is downloaded by a terminal.
      • You have deleted a certificate by clicking Delete Certificate after selecting the certificate.

Translation
Download
Updated: 2019-08-03

Document ID: EDOC1100044378

Views: 63859

Downloads: 344

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next