41-001343-01 Rev 02, Release 3.2.2 4-45HTTPS Server Certificate ValidationThe HTTPS client on the IP Phones support validation of HTTPS certificates. This featuresupports the following:• Verisign, GeoTrust, Thawte, Comodo, CyberTrust signed certificates• User-provided certificates• Checking of hostnames• Checking of certificate expiration• Ability to disable any or all of the validation steps• Phone displays a message when a certificate is rejected (except on check-sync operations)All validation options are enabled by default.Certificate ManagementAastra Provided CertificatesThe phones come with root certificates from Verisign, GeoTrust, Thawte, Comodo, andCyberTrust pre-loaded.User Provided CertificatesThe administrator has the option to upload their own certificates onto the phone. The phonedownloads these certificates in a file of .PEM format during boot time after configurationdownloads. The user-provided certificates are saved on the phone between firmware upgrades butare deleted during a factory default. The download of the User-provided certificates are based on afilename specified in the configuration parameter, https user certificates (Trusted CertificatesFilename in the Aastra Web UI; User-provided certificates are not configurable via the IP PhoneUI).Note: Certificates that are signed by providers other than Verisign,GeoTrust or Thwate do not verify on the phone by default. The user canovercome this by adding the root certificate of their certificate provider tothe use-provided certificate .PEM file.