You can configure the IP Office platform to use certificates as follows:

• An identity certificate for each system and their local applications, including an optional separate identity certificate for management and telephony interfaces.

• Unique identity certificate self-generated by all systems when required.

• You can administer certificates using IP Office Manager or IP Office Web Manager, or obtain them automatically using Simple Certificate Enrollment Protocol (SCEP) or PKCS#10 (IP Office Linux only).

• DER and PEM for certificate file import/export, and PKCS#12 for certificate/private key pair import/export.

• A Certificate Authority on the Primary and Application Server including Subject Alternative Name support.

• The certificate processing can support 1024, 2048 and 4096 bit public RSA keys, and SHA-1, SHA-256, SHA-224 and SHA-512 hashes.

• A Trusted Certificate Store (TCS) of 64 entries minimum.

• Configurable default TCS content, restored on security settings reset.

• Individual per-service controls to enforce mutual certificate authentication where the client's certificate is requested and tested.

• Separate management and telephony received certificate check levels that provide increasingly rigorous tests. This includes a 'high' setting that tests not only the trust chain but also the presence of the received certificate in the TCS.

• Intermediate CA certificate support, both for the CAs and the identity certificate chain offered by IP Office and its applications.

• Errors, alarms, and warnings to help identify certificate issues.