3.3.1.5.1 Server Certificate Replacement
The device is supplied with a working Secure Sockets Layer (SSL) configuration consisting
of a unique self-signed server certificate. If an organizational Public Key Infrastructure
(PKI) is used, you may wish to replace this certificate with one provided by your security
administrator.
To replace the device's self-signed certificate:
1. Your network administrator should allocate a unique DNS name for the device (e.g.,
dns_name.corp.customer.com). This DNS name is used to access the device and
must therefore be listed in the server certificate.
2. If the device is operating in HTTPS mode, set the HTTPSOnly parameter to
'HTTP and HTTPS' (0) - see 'Configuring Web Security Settings' on page 76. This
ensures that you have a method for accessing the device in case the new certificate
doesn't work. Restore the previous setting after testing the configuration.
3. Open the 'Certificates Signing Request' page (Configuration tab > System menu >
Certificates).
4. In the 'Subject Name' field, enter the DNS name, and then click Generate CSR. A
textual certificate signing request that contains the SSL device identifier is displayed.
5. Copy this text and send it to your security provider. The security provider (also known
as Certification Authority or CA) signs this request and then sends you a server
certificate for the device.
6. Save the certificate to a file (e.g., cert.txt). Ensure that the file is a plain-text file
containing the 'BEGIN CERTIFICATE' header, as shown in the example of a Base64-Encoded
X.509 Certificate below:
SIP User's Manual
Figure 3-29: Certificates Signing Request Page
Mediant 800 MSBG
Document #: LTRT-12804
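A pre-upload check for the file saved in step 6, as an added example (not taken from this manual or from the device's software): it confirms that the file is plain text, that its PEM block is labelled CERTIFICATE rather than, say, the CSR sent back unchanged, that the Base64 body decodes to one complete DER structure, and that the DNS name from step 1 appears in it. The function names and the sample input are assumptions made for this example; the sample is a constructed stand-in, not a real certificate, and the DNS-name test is a byte search rather than a full X.509 parse or signature check.

```python
import base64
import re

# Matches one PEM block; the END label must equal the BEGIN label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_outer_length(der: bytes):
    """Total length declared by the outer DER SEQUENCE header, or None."""
    if len(der) < 2 or der[0] != 0x30:          # a certificate is a SEQUENCE
        return None
    if der[1] < 0x80:                           # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                           # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_cert_file(raw: bytes, dns_name: str) -> list:
    """Return a list of problems found in the saved file (empty = looks usable)."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return ["file is not plain ASCII text (binary DER or UTF-16 export?)"]
    m = PEM_RE.search(text)
    if not m:
        return ["no PEM block with matching BEGIN/END lines found"]
    if m.group(1) != "CERTIFICATE":
        return [f"PEM block is '{m.group(1)}', expected 'CERTIFICATE'"]
    try:
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
    except ValueError:
        return ["Base64 body is corrupt"]
    problems = []
    if der_outer_length(der) != len(der):
        problems.append("decoded data is not one complete DER SEQUENCE (truncated?)")
    if dns_name.encode("ascii") not in der:     # heuristic, not an X.509 parse
        problems.append(f"{dns_name} does not appear in the certificate")
    return problems

def make_pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used only to build the constructed samples)."""
    return (f"-----BEGIN {label}-----\n{base64.encodebytes(der).decode()}"
            f"-----END {label}-----\n").encode()

# Constructed stand-in for a certificate: a SEQUENCE holding one UTF8String.
NAME = "dns_name.corp.customer.com"
SAMPLE_DER = b"\x30" + bytes([len(NAME) + 2]) + b"\x0c" + bytes([len(NAME)]) + NAME.encode()

if __name__ == "__main__":
    print(check_cert_file(make_pem("CERTIFICATE", SAMPLE_DER), NAME))            # []
    print(check_cert_file(make_pem("CERTIFICATE REQUEST", SAMPLE_DER), NAME))
```

For a real file, pass `open("cert.txt", "rb").read()` and the allocated DNS name to `check_cert_file`.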