Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Importing a Certificate
You can import client, server, SiteCall, 802.1x, and TR069 CA authentication certificates into your endpoint. These certificates can be used to identify users, certificate authorities, and servers to improve communication security. For example, if an endpoint needs to register with a SIP server or encrypts BFCP signaling over TLS, it must have a client certificate loaded first.
Prerequisites
- Before importing a certificate, make sure it is issued by a security authority to prevent security risks.
- When applying for a certificate, specify its validity period (recommended: no more than 36 months). Import the license you have applied for at your first login to the endpoint web interface. Besides, replace the license that is to be expired in time to prevent security risks.
- Client certificate: You have obtained the required certificate from the SIP server administrator or downloaded it from a certificate authority.
- Server certificate, Server private key file, and Password for server private key file: You have downloaded the required certificate and relevant files from a certificate authority.
- Multipoint conference certificate: You have obtained the required certificate from the GK server administrator.
- 802.1x authentication certificate: You have obtained the required certificates from the network administrator.
- TR069 CA certificate: You have obtained the required certificate from the ACS administrator.
Procedure
- Choose .
The Installation page is displayed.
- Click Import Certificate.
The Import Certificate dialog box is displayed.
- Click Select File to select the
certificate you want to import.
The certificate to be imported must be in .cer, .pem, .pfx, .p7b, .p7c, .spc, .p12, .der, or .crt format.
- Select the desired certificate type.
- To import a certificate for authentication calls and when the endpoint functions as the server, select Server certificate.
- To import a certificate for authentication registration or calls and when the endpoint functions as a client (for example, registering with a SIP server or encrypting BFCP signaling over TLS), select Client certificate.
- To import a certificate used for SiteCall security, select Multipoint conference certificate.
- To import certificates used for 802.1x wired or wireless network authentication, select the desired certificates. When selecting the certificate type, choose the network type, which is Wireless and wired by default.
- The TR069 CA certificate is used to authenticate the ACS. If the management server (for example, TMS) and the file server (for example, IIS) are separately deployed, they must use the certificates issued by the same organization.
- The Server private key file and Password for server private key file are used with the Server certificate for authenticating TLS calls.
- Click Import.
- Click Return when OK is displayed.
