Media Signaling Security

Secure Sockets Layer (SSL)

To further safeguard the security of the system, the GoAhead web server that resides on the 3300 ICP has been extended to support Secure Sockets Layer (SSL) secure communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection.  SSL will prevent unauthorized access to administrative functions. SSL encrypts all traffic on the link to prevent sniffing of usernames and passwords.

The first call from a secure 3300 ICP (Release 6.0) across an IP Trunk will establish a secure link via SSL

When you connect to the 3300 ICP web server for the first time, you will get a warning message stating that the site has not been certified. To avoid future warning messages, you will need to install the Mitel Root CA certificate (security certificate).

To install the security certificate:

  1. On the Security Alert window, click View Certificate.
    The General window displays an error message. The message means that you must trust the certificate and the Certifying Authority (CA) that issued the certificate.

  2. Click Certification Path. Within the certificate chain, it is the Mitel Root CA that we need to trust.

  3. Select Mitel Networks Root CA and click View Certificate.

  4. Click Install Certificate.

  5. Click Next to navigate through the Certificate Import Wizard windows.

  6. Accept the default, Automatically select the certificate store based on the type of certificate, and click Next.

  7. Click Finish on the Completing the Certificate Import Wizard window.

  8. Click Yes on the Root Certificate Store window to add the certificate to the Root Store.

  9. Click OK to close each window you have opened during this procedure and view the web page.

  10. Note: If you are unable to install the 3300 ICP SSL Certificate into the Root Store on a Windows NT 4.0/Internet Explorer 6.0 platform, we recommend that you upgrade your browser to the latest Service Pack.  If you have upgraded IE and applied all the Windows NT 4.0 patches, and are still experiencing this problem, you can upgrade to Windows 2000 or Windows XP, or click Yes to trust the certificate each time you use the login page.