Public

Self-signed Certificate

MiVoice Office 400 Root and host certificates

The communication server creates a self-signed root certificate and a self-signed trusted host certificate. The host certificate is downloaded onto the IP and SIP terminals. A call connection between communication server and terminal is established only if the root and host certificate match.

The certificates are renewed at regular intervals, for security reasons. You can define the intervals here. When certificates are generated, the validity period is written into the certificates. The validity period is determined by the configured interval.

After the communication server has re-generated the certificate, the root certificate is stored on the communication server file system. Depending on terminal type, the host certificate is installed on the terminal or you must install it manually:

  • IP system phones: The host certificate is automatically exchanged without limiting the normal operation.

  • Mitel SIP phones: The host certificate is automatically loaded on the phone and the phone restarts automatically.

  • SIP standard terminals You must install the host certificate manually. For this, export the MiVoice Office 400 host certificate and load it on the SIP standard phones.

notes:
  • You must manually regenerate the certificate each time the communication server IP ad­dress is changed.
  • If you extend the time period, you then need to manually generate new certificates as the active certificates will become invalid sooner. If the certificates are invalid, you will no longer be able to set up any call connections.
  • Configuration and activation of the NTP service is mandatory for time management of the certificates. You can configure this in the System / General view.
Table 1. Self-signed certificates

Parameter

Description of the parameters

Generate new certificates automatically after (days)

Here you can enter the interval at which the certificates are to be regen­erated. The interval duration also determines how long the certificates are valid.

Generate certificates at (time)

Here you can enter the time at which the certificates are to be generated. If SIP system phones are being used, it is preferable to select a time outside office hours as SIP system phones restart automatically.
Parent topic: IP Security