Security Certificates

Last Updated : Aug 27, 2020 |

The phone allow an initial connection to an HTTPS file server without validating the certificate chain as long as the server certificate name is validated. Then the phone will download TRUSTCERTS from the HTTPS server which should include a root CA for the HTTPS server certificate. So when the phone is rebooted it will have the proper TRUSTCERTS to fully validate the HTTPS connection.

  • Local Extension: If the phone is installed in the local network, the phone initially downloads the system's root certificate using an unsecured HTTP connection. You need to ensure that the system's root certificates have been installed in the system's Trusted Secure Certificate store, see Adding a root CA certificate to the IP Office Trusted Certificate Store.

  • Remote Worker Extensions: In case when the phone is installed in the remote network, the IP Office system's root certificate need to be pre-installed on the phone. This can be done as follows:

    • Option 1: Connect the phone to the local network and make sure that the phone's HTTP server points to the IP Office system. In the initial installation, the phone will download the IP Office's root certificates.

    • Option 2: Using a 3rd-party HTTP server, place the IP Office root certificate WebRootCA.pem that on the file server. Configure the remote phone to use that HTTP server

Related information
Using the IP Office Certificate
Adding a root CA certificate to the IP Office Trusted Certificate Store
Create an identity certificate for the IP Office
Adding the identity certificate to the IP Office
File server certification