The web server in MiVoice Business supports Secure Sockets Layer (SSL) secure communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. SSL will prevent unauthorized access to administrative functions. SSL encrypts all traffic on the link to prevent sniffing of usernames and passwords.
The first call from a secure MiVoice Business system (3300 ICP Release 6.0) across an IP Trunk will establish a secure link via SSL.
When you connect to the MiVoice Business web server for the first time, you will get a warning message stating that the site has not been certified. To avoid future warning messages, you will need to install the MiVoice Business security certificate.
NOTE: SIP signaling to devices may be secured with TLS. Phones using SIP are authenticated before providing access to system features. See SIP Phone Support and SIP Trunking for the Service Provider for more information on SIP authentication.
Follow this procedure if you are using Internet Explorer or this one if you are using Firefox.
To be able to connect to 3rd-party SIP Devices that use Transport Layer Security (TLS), MiVoice Business supports the TLS protocol (RFC 2246) for message encryption. TLS is supported for SIP connections with the following endpoints:
Mitel-branded TLS-capable SIP Devices, including 5603, 5604, 5607, 5613, and 5614.
3rd-party SIP devices as approved by Mitel's SIP Center of Excellence with TLS interworking.
TLS is also supported for MiNET-based IP sets during registration and for the MiVoice Business Console connections with the MiVoice Business system. To enable TLS, set Enable TLS for IP Set Registration to 'Yes' in the System Options form.
NOTES
TLS connections from these devices to MiVoice Business may be direct or through the MiVoice Border Gateway (Release 8.0 and later).
TLS on SIP trunks is not supported.
TLS is an upgrade to the SSL protocol. It provides confidentiality (message encryption), message integrity, and endpoint authentication. There are two authentication methods supported by TLS:
Server (unilateral) authentication, where only the server's security certificate is required
Mutual (bilateral) authentication, where both ends (the server and the client) must hold a certificate
MiVoice Business uses the Server authentication method when establishing a TLS connection from a SIP endpoint. For more information, see SIP Phone Support - Description and SIP Phone Support - Programming. Mutual (bilateral) authentication is not used.
The certificate identifies the server through its IPv4 address or the FQDN. In the MiVoice Business SIP certificate, both values are included as Common Names and Alternative Subject Names. When a new FQDN is added to the certificate or when the MiVoice Business IP address changes, the certificate is updated.
The MiVoice Business certificate is signed by the Mitel Root Certificate, which is available in two formats: DER encoded binary format and Base-64 encoded format ('mitelroot.cer'). The certificate can be installed on your PC or, if applicable, downloaded directly to your phone. To obtain the DER encoded binary format, see Installing the MiVoice Business Self-Signed Security Certificate. If the device needs the base-64 encoded format, see the device's Configuration Guide on Document Center.
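Because the root certificate is distributed in both DER and Base-64 form, the two files can be confirmed to carry the same certificate by comparing a fingerprint computed over the DER bytes before the certificate is trusted on a PC or phone. The Python sketch below is an added example, not Mitel code; the function names are illustrative and the sample bytes are a constructed stand-in, not the real Mitel Root Certificate.

```python
import base64
import hashlib
import re
import ssl

# Matches the text armor used by the Base-64 (PEM) certificate format.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate supplied in either format."""
    match = PEM_RE.search(data)
    if match:
        # Base-64 form: drop line breaks (LF or CRLF), then decode strictly.
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    else:
        der = data
    # Every DER certificate begins with an ASN.1 SEQUENCE tag (0x30).
    if not der or der[0] != 0x30:
        raise ValueError("not a DER or Base-64 encoded certificate")
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER bytes, so both file formats give the same value."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_base64(data: bytes) -> str:
    """Re-encode as Base-64 text for devices that need that format."""
    return ssl.DER_cert_to_PEM_cert(to_der(data))


# Constructed stand-in (a tiny ASN.1 SEQUENCE), NOT the real Mitel root.
SAMPLE_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    pem_text = to_base64(SAMPLE_DER)
    print(pem_text)
    print("DER file fingerprint:    ", fingerprint(SAMPLE_DER))
    print("Base-64 file fingerprint:", fingerprint(pem_text.encode()))
```

To use it on real files, read each file in binary mode, pass the bytes to `fingerprint()`, and compare the result with a fingerprint obtained through a separate trusted channel.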