Versions Compared

Old Version 1

changes.mady.by.user user-53c2a

Saved on

compared with

New Version 2

changes.mady.by.user user-53c2a

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Latest update


Procedure to set HTTP User and Password as well as the Administrator Password

On first run of Snom we strongly recommend that you secure the web interface in order to protect your phone against remote attacks. Therefore the HTTP User and Password as well as the Administrator Password should be changed from the default value.

Image Added

Setting-Up the phone for TLS

Server Authentication

Your phone also acts as a client in a couple of cases. E.g. if you register to a secure SIP proxy or if you open a Action URL over HTTPS. Normally, you do not need to worry about the server identification. Snom phones do not verify server identities by default. From FW version 8.2.30 you can explicitly state to verify server certificates though. You can activate the feature on the certificates page of the web interface:

Image Added

Please carefully enable the feature. The phone will reject all secure connections of peers offering an unknown certificate that could not be verified by one of build-in CA's of the snom phone. Please refer to theCertificate Authorities tab to see which authorities are supported by the phone. Due to security concerns, you can only disable the feauture by resetting the phone to the factory defaults.

Adding Unknown Certificates

The phone will reject a connection if it could not verify the identification with the delivered certificate from the server. A notify appears on the screen:

Image Added

A certificate is trusted if its signature is signed by a certificate authority. Snom has pre-installed a couple of CA's which are listed on the Certificate Authorities tab of the Certificates page:

Image Added

All rejected certificates are listed in the Unknown Certificates tab. If you persist on trusting the identification you can add it as an exception:

Image Added

Henceforward, the certificate is listed in the Server Certificates tab and a connection to this identification is no longer rejected. Currently, this is the only way to add unknwon server certificates to the phone.

Manually Uploading Certificates

In admin mode, you can manually upload certificates in the Unknown Certificates tab. Every attempt to upload a unknown certificate will fail. Please refer to the log and assure your certificate is in DER format and is either signed by one of phone's authorities or server certificates.

Procedure for upgrade firmware

Warning

The official firmware supported by PrivateWave is 8.4.35 .

...