PKCS#12

Last Updated : Apr 17, 2026 |

Installing and Administering Avaya J100 Series SIP IP Phones in Avaya AuraÂ®
- Table of Contents
PKCS#12
Cookie Preference Center

Prolog information

Metadata

Keywords:

PKCS#12 is a file format that contains both the private key and the X.509 identity certificate for a phone. This file is prepared in advance by the Certificate Authority (CA) administrator and exported from the CA.

The phone supports installation of this PKCS#12 file using the following parameters:

Parameter	Type	Default	Description
PKCS12URL, PKCS12_2_URL, PKCS12_3_URL	String	Null	Specifies the URL to be used to download a PKCS #12 file containing an identity certificate and its private key. The valid value is a string of 0 to 255 ASCII characters without spaces. The value can be a string that contains either $SERIALNO which will be replaced by the telephone's serial number or $MACADDR which will be replaced by the telephone's MAC address, but it contains other characters as well. If $MACADDR is added to the URL then the PKCS12 file name on the file server shall include MAC address without colons that is 6 pairs of ASCII hexadecimal characters AABBCCDDEEFF with hex characters A-F encoded as upper-case characters. For example, if Ethernet MAC address of a specific phone is 00-24-D7-E4-2E-98 and the PKCS12URL is: pkc12file_$MACADDR.cer, then the file name of the PKCS12 file for this phone on the file server shall be: pkc12file_0024D7E42E98.cer.
PKCS12_PASSWD_RETRY, PKCS12_2_PASSWD_RETRY, PKCS12_3_PASSWD_RETRY		3	Specifies the number of times a user can retry entering the password for the PKCS#12 file. The valid values are from 0 to 100. The default value is 3. 0 means no retry. If the user fails to enter the correct password after the specified number of attempts, the phone proceeds with startup sequence without installing the PKCS#12 file.
PKCS12_USAGE PKCS12_2_USAGE PKCS12_3_USAGE		All	Specifies the list of services the client identity certificate uses from the PKCS#12 URL. The list should be a comma-separated, case-insensitive list. Available services: SIP Provisioning 802.1x LDAP Ring Central Push PPM XSI Syslog All To exclude a service, prefix it with includes all services except SIP.

Avaya J100 Series IP Phones support Client Identity Certificates with RSA 2048-bit and 4096-bit keys.

Certificates installed using the PKCS12URL parameter cannot be renewed automatically. The phone will provide proactive notifications as the Client Identity Certificate approaches its expiration date. To observe a proactive notification when Client Identity Certificates approach expiry, see: Expiry Warning.

Before the certificate expires, you must supply a new PKCS#12 file through the PKCS12URL parameter.

During each reboot or periodic update check, the phone verifies if the Client Identity Certificate file at the PKCS12URL is modified on the provisioning server. If a modification is detected, the phone installs the new PKCS#12 file. Users will be prompted to enter the password for the new PKCS#12 file.

To observe Client Identity Certificates installed on the phone, see Viewing the installed certificates using the web interface.

To delete Client Identity Certificates, see Parameters for deleting multiple identity certificates.

Installing and Administering Avaya J100 Series SIP IP Phones in Avaya AuraÂ®

PKCS#12

Was this page helpful?

Was this page helpful?

Installing and Administering Avaya J100 Series SIP IP Phones in Avaya AuraÂ®

Was this page helpful?

Was this page helpful?

Cookie Preference Center

How Avaya Uses Cookies

Performance and Analytics Cookies

How Avaya Uses Cookies

Performance and Analytics Cookies