Sip Over Tls (Sips); Embedded Web Server Configuration - 3Com VCX v7111 User Manual
Voip
Hide thumbs
Also See for VCX v7111:
- User manual (245 pages) ,
- Installation manual (58 pages) ,
- Product manual (15 pages)
Table of Contents
Advertisement
SIP Over TLS (SIPS)
The V7111 gateway uses TLS over TCP to encrypt SIP transport and (optionally) to
authenticate it. To enable TLS on the V7111 gateway, set the selected transport type to TLS
(SIPTransportType = 2). In this mode the gateway initiates a TLS connection only for the
next network hop. To enable TLS all the way to the destination (over multiple hops) set
EnableSIPS to 1. When a TLS connection with the gateway is initiated, the gateway also
responds using TLS regardless of the configured SIP transport type (in this case, the
parameter EnableSIPS is also ignored).
TLS and SIPS use the Certificate Exchange process described in
Replacement
and
Client
default 5061), use the TLSLocalSIPPort parameter.
When SIPS is used, it is sometimes required to use two-way authentication. When acting as
the TLS server (in a specific connection) it is possible to demand the authentication of the
client's certificate. To enable two-way authentication on the V7111 gateway, set the ini file
parameter, SIPSRequireClientCertificate = 1. For information on installing a client certificate,
see
Client
Certificates.
Embedded Web Server Configuration
For additional security, you can configure the Embedded Web Server to accept only secured
(HTTPS) connections by changing the parameter HTTPSOnly to 1 (described in
You can also change the port number used for the secured Web server (by default 443) by
changing the ini file parameter, HTTPSPort (described in
Using the Secured Embedded Web Server
To use the secured Embedded Web Server:
Access the V7111 gateway using the following URL:
1
https://[host name] or [IP address]
Depending on the browser's configuration, a security warning dialog may be displayed.
2
The reason for the warning is that the V7111 gateway initial certificate is not trusted by
your PC. The browser may allow you to install the certificate, thus skipping the warning
dialog the next time you connect to the V7111 gateway.
If you are using Internet Explorer, click
3
The browser also warns you if the host name used in the URL is not identical to the one
4
listed in the certificate. To solve this, add the IP address and host name (ACL_nnnnnn
where nnnnnn is the serial number of the V7111 gateway) to your hosts file, located at
/etc/hosts on UNIX or C:\Windows\System32\Drivers\ETC\hosts on Windows; then use
the host name in the URL (for example, https://ACL_280152).The figure below is an
example of a host file:
®
3Com
VCX V7111 VoIP Gateway User Guide
Certificates. To change the port number used for SIPS transport (by
View Certificate
Server Certificate
Table 69
).
and then
Install Certificate
Table
64).
.
333
Advertisement
Table of Contents
