Certificate management

Last Updated : Apr 17, 2026 |
Prolog information
Metadata
Keywords:
Certificates are used to establish a secure communication between network entities. Server or mutual authentication is used to establish a secure connection between a client and a server. The client always validates the server certificate and maintains a trust store to support this validation. If the server additionally requires mutual authentication, it requests an identity certificate from the client. The client must provide the identity certificate, and the server must validate the certificate to establish mutual authentication. The server must validate the identity certificate to establish a secure connection.
Phones support three types of certificates:
  • Trusted certificates
  • Online Certificate Status Protocol (OCSP) trust certificates
  • Phone identity certificates
The Trusted and OCSP trust certificates, are root or intermediate Certification Authority (CA) certificates that are installed on the phone through the 46xxsettings.txt file.
You can use the following enhancements for installing identity certificates:
  • SCEP over HTTPS is supported for enrollment.
  • PKCS#12 file format is supported for installation.
If the log level is maintained, the users are notified through a log message WARNING with the category CERTMGMT. The logs are maintained and displayed if SYSLOG is enabled.
MIB object tables and IDs are created for certificates installed on the phone. You can view the certificate attributes through an SNMP MIB browser.
To implement DES, the phone has 64 Public CA certificates built-in. For a list of the certificates, see Public CA Certificates.