Since device MAC address is mentioned into the built-in certificate CN, the web server can also authorize or deny the request based on the requested URL and the presented client certificate. The Snom phone will send the built-in certificate, now the server can check the issuer of the client certificate and permit or deny the request. The TLS server can be configured to check the client identity via the TLS authentication: as described into the previous section, during the TLS handshake, the server asks the client for the certificate. In this case, make sure you are provisioning the certificate and the key in a trusted environment, see below how to provision a custom certificate. You can also specify your own client certificate in the webserver_cert setting. After confirming, your connection to the web interface will be encrypted. Usually you will have to confirm that you trust this identification since your browser could not identify your phone. You can retrieve this certificate by pointing your browser to your phone's web interface via secure HTTP (HTTPS). Every out-of-the-box Snom phone has a certificate built-in to the firmware along with its private key. In fact, no special configuration is required. The server can authorise the specific device to the resource verify the DN of the client certificate, checking the MAC within the offered certificate and the requested resource.verify the issuer of the certificate, checking the certificate signature against the Snom CA: in other words the server can make sure that the request comes from a Snom phone.Thanks to the built-in certificate, a server using the TLS protocol can: The built-in certificate contains the the device MAC address into the DN x.509 attribute. Setting-Up the phone for TLS The built-in certificateĮvery Snom phone (except the old 3xx series) is produced with a built-in TLS certificate on board.Įvery device certificate is issued by the Snom Certification Authority. When TLS is used a mutual authentication of the client and the server can be performed by the phone and the server. LDAP server providing the business contacts.Minibrowser applications served by an HTTPS server.HTTPS requests to an URL triggered by function keys. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |