Table of Contents
Advertisement
Grey Headline (continued)
Security
Overview
For extra security, you may wish to have the VCS communicate
with other systems (e.g. servers such as LDAP servers, neighbor
VCSs, or clients such as SIP endpoints) using TLS encryption.
For this to work successfully in a connection between a client
and server:
•
the server must have a certificate installed that verifies its
identity. This certificate must be signed by a Certificate
Authority (CA).
•
the client must trust the CA that signed the certificate used
by the server.
The VCS allows you to install appropriate files so that it can act
as either a client or a server in connections using TLS.
For an endpoint to VCS connection, the VCS will be the
TLS server. For a VCS to LDAP server connection, the
VCS will be a client. For a VCS to VCS connection either
VCS may be the client with the other VCS being the TLS server.
Overview and
Introduction
Getting started
status
D14049.05
February 2009
To enable security using the web interface:
•
Maintenance > Security
You will be taken to the
The files that enable secure connections over TLS are
installed using the web interface. They cannot be
installed using the CLI.
Trusted CA certificate
The
Select the file containing trusted CA certificates
you to upload a PEM file that identifies the list of Certificate
Authorities trusted by the VCS. The VCS will only accept
certificates signed by a CA on this list. If you are connecting to an
LDAP database using TLS encryption, the certificate used by the
LDAP database must be signed by a CA on this list.
After you have selected the file, click
upload it.
If a CA certificate has already been uploaded, the
certificate
button will be visible. Clicking on this shows you the
currently uploaded PEM file.
System
VCS
Zones and
configuration
configuration
neighbors
Enabling security
.
Security
page.
field allows
Upload CA certificate
to
Show CA
Call
Bandwidth
processing
control
159
TANDBERG
VIDEO COMMUNICATIONS SERVER
Server certificate data
Select the server private key file
Allows you to upload a PEM file that identifies the private key
used to encrypt the server certificate used by the VCS.
This private key must not be password protected.
Select the server certificate file
Allows you to upload a PEM file that contains the server
certificate used for HTTPS connections to the VCS from user or
administrator web browsers, and by SIP endpoints or servers
connecting to the VCS over TLS.
Show server certificate
Click here to view the currently uploaded PEM file containing the
certificate used by the VCS to identify itself to SIP and HTTPS
clients when communicating over SSL/TLS.
Upload server certificate data
Click here once you have selected both the private key and
certificate files to upload them.
Reset to default server certificate
Click here to replace the current server certificate with the
default certificate that shipped with the VCS.
Firewall
Applications
Maintenance
traversal
ADMINISTRATOR GUIDE
Appendices
Advertisement
Table of Contents
