×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

TLS with J100 phones

TLS with J100 phones

TLS with J100 phones

(OP)
I have an IPO server edition 11.4.3 that we need to enable TLS and load a Third party certificate On the server and NO SBC involved for IX workplace .The customer have hundreds of J100 series phones on the internal network .What is the best approach with the minimum need to touch each individual set in order for the phones to get the new Third party certificate after enabling TLS on the system .I think if I added 46xxspecials.txt file with new certificate info and just reboot the phones that will force the phones to get the new certificate.Any suggestions or idea .I'm open for anything .Thanks

RE: TLS with J100 phones

In theory:
Variant 1: Prerequisite - IPO is HTTP server and 46xxsettings.txt is generated automatically
  • extend the 46xxspecials with a second RootCA (names of the certificates comma separated: TRUSTCERTS WebRootCA.pem,NameNewRootCA.pem)
  • place the new RootCA (NameNewRootCA.pem) in the primary folder of the IPO, so phone can be load it
  • reboot the J100 devices -> the phones should now have both RootCA certificates in their own Trust Store
  • exchange the ID certificate at the IPO (best with a PKCS#12 file)(check the box "offer certificate chain", because with public CA´s usually an intermediate certificate is used // alternatively the intermediate certificate can be loaded into the phone via TRUSTCERTS)
  • Reboot the phones to rebuild the TLS channel
  • If everything works, delete the 46xxspecials and reboot the phones again (the new RootCA should now be loaded via TRUSTCERTS WebRootCA.pem) Serves to "clean up" and thus simplify the later service in general

Variant 2: same prerequisite as for V1
  • disable all TLS settings in the IPO
  • reboot the phones and check in the monitor that the TCP connection (and not the TLS) is in use
  • exchange the ID certificate at the IPO (preferably with a PKCS#12 file, since the RootCA and the intermediate certificate are also written to the Trust Store of the IPO and are thus made accessible to the phones via TRUSTCERTS WebRootCA.pem)
  • reboot the phones so that the new RootCA certificate can be loaded (check with the IPO Monitor or Wireshark that this is happening)
  • reactivate all TLS settings in the IPO
In practice - see what happens and report here smile

Obviously it is of eminent relevance, that I this, what you celeprate, not optimally effective assume, since the integrate of you in the communicative system as code related terms with me no explosive associations in mental-empirical reproduction process of the mind.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close