IMPORTANT:
This chapter is only intended as a brief overview
of the necessary steps in the Deployment Service (DLS). For a detailed
description, refer to the DLS Administrator Manual.
IMPORTANT:
If a board has a separate Management LAN interface configured, DLS
bootstrapping will use the MAN IP address instead of the VOIP IP address.
IMPORTANT:
Starting with OpenScape 4000 V7 R1.8, the Secure Hash
Algorithm SHA2 (SHA224, SHA256, SHA384, SHA512) is supported. Prior
to OpenScape 4000 V7 R1.8, Auto SPE needs to be explicitly configured
for SHA128 on the DLS side via a function available from DLS V7 R1.11.2.
Please refer to section 16.5.6 “SHA1 Configuration for AutoSPE” in the
documentation “OpenScape Deployment Service V7, Administrator Documentation”.
The area of automatic SPE configuration in DLS enables automatic configuration
of PKI-based Signaling and Payload Encryption (SPE) for users. This is
especially useful when there is no client PKI.
DLS supports the generation and deployment of SPE CA certificates
(CA = Certificate Authority) for administered IP devices (gateways and
subscribers). When activating an SPE CA certificate, an SPE CA certificate
is generated and deployed for each administered gateway.
Via export and import, it is possible to migrate CA certificates from
one DLS to another.
With automatic SPE configuration via DLS, all subscribers that are
known in DLS also receive the CA certificate (independently of the gateway)
generated by the AutoSPE configuration. The validity of this certificate
can be checked in the security settings of the subscriber (DLS: HFA Server
Validation, Phone: Certificate Check).