You can enable TLS for IP sets registration. If you enableTLS for IP sets registration, then you must program the DHCP Option 125/43 or 66 with the configuration server (containing the configuration file; (.cfg)) details from where the IP sets can download the certificates for registration.
The TLS configuration file must contain the following parameters:
tls user certificates SHA1 fingerprint: <20 byte SHA1 fingerprint without spaces>
tls user certificates: <URL of the location from where the IP sets can download the certificate>
TFTP server:
tls user certificates SHA1 fingerprint: ead563a24eeb18b18243b754ebe77d6404c079d5
tls user certificates: tftp:// <IP address or FQDN>/userCert.pem
FTP server:
tls user certificates SHA1 fingerprint: ead563a24eeb18b18243b754ebe77d6404c079d5
tls user certificates: ftp://user:password@<IP address or FQDN>/userCert.pem
HTTP server:
tls user certificates SHA1 fingerprint: ead563a24eeb18b18243b754ebe77d6404c079d5
tls user certificates: http://<IP address or FQDN>/userCert.pem
HTTPS server:
tls user certificates SHA1 fingerprint: ead563a24eeb18b18243b754ebe77d6404c079d5
tls user certificates: https://<IP address or FQDN>/userCert.pem
If the configuration file not is present in the configuration server, then the system uses the mitel.cfg file. If the mitel.cfg file is not present, then the default startup.cfg is used.
Only one custom CA certificate is supported.
The firmware for 53xx series IP phones must be placed in same HTTPS server as the configuration file.
The 53xx series IP phones do not support FTP and HTTP server.
The MiVoice Business Console and the 5540 IP Console support this feature.
Continue with programming DHCP option 125/43 or 66.
Log in to the Server Manager.
Under Configuration, click DHCP.
Click the Options tab.
Click Add option.
Select Vendor option, and then select Configure Mitel vendor-specific.
Click Next.
In the Configuration file location field, specify the configuration file location as follows:
For a TFTP server, enter tftp://<IP address or the FQDN of the server>.
For an FTP server, enter cfg_srvr_url=ftp://username:password@<IP addresss or the FQDN of the server>; where username and password are the login credentials for the FTP server.
For an HTTP server, enter cfg_srvr_url=http://<IP address or the FQDN of the server>.
For an HTTPS server, enter cfg_srvr_url=https://<IP address or the FQDN of the server>.
NOTE: If you using a MiVoice Business running an older release as the DHCP server, then you must program the DHCP server using the DHCP forms in the System Administration Tool. For the configuration file location, append cfg_srvr_url= to the server details. For example, cfg_srvr_url=tftp://<IP address or the FQDN of the server>.
Click Save.
Log in to the Server Manager.
Under Configuration, click DHCP.
Click the Options tab.
Click Add option.
Select Standard option, and then select 66 tftp-server-name.
Click Next.
In the Value field, specify the configuration file location as follows:
For a TFTP server, enter tftp://<IP address or the FQDN of the server>.
For an FTP server, enter ftp://username:password@<IP addresss or the FQDN of the server>; where username and password are the login credentials for the FTP server.
For an HTTP server, enter http://<IP address or the FQDN of the server>.
For an HTTPS server, enter https://<IP address or the FQDN of the server>.
Click Save.
Supported on all devices.