AudioCodes Mediant 3000 User Manual page 135
Media gateway & enterprise session border
controller (e-sbc)
Hide thumbs
Also See for Mediant 3000:
- User manual (984 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
User's Manual
To enable mutual TLS authentication for HTTPS:
1.
On the Web Security Settings page (see ''Configuring Web Security Settings'' on page
90), configure the 'Secured Web Connection (HTTPS)' field to HTTPS Only. The
setting ensures that you have a method for accessing the device in case the client
certificate doesn't work. Restore the previous setting after testing the configuration.
2.
In the TLS Contexts table (see ''Configuring TLS Certificate Contexts'' on page 123),
select the required TLS Context row, and then click the TLS Context Trusted Root
Certificates
appears.
3.
Click the Import button, and then select the certificate file.
4.
Wait until the import operation finishes successfully.
5.
On the Web Security Settings page, configure the 'Requires Client Certificates for
HTTPS connection' field to Enable.
6.
Reset the device with a burn-to-flash for your settings to take effect.
When a user connects to the secured Web interface of the device:
If the user has a client certificate from a CA that is listed in the Trusted Root Certificate
file, the connection is accepted and the user is prompted for the system password.
If both the CA certificate and the client certificate appear in the Trusted Root
Certificate file, the user is not prompted for a password (thus, providing a single-sign-
on experience - the authentication is performed using the X.509 digital signature).
If the user does not have a client certificate from a listed CA or does not have a client
certificate, the connection is rejected.
Notes:
•
The process of installing a client certificate on your PC is beyond the scope of this
document. For more information, refer to your operating system documentation,
and/or consult your security administrator.
•
The root certificate can also be loaded via the Automatic Update facility, using the
HTTPSRootFileName ini file parameter.
•
You can enable the device to check whether a peer's certificate has been revoked
by an OCSP server per TLS Context (see ''Configuring TLS Certificate Contexts''
on page 123).
Version 7.0
button, located below the table; the Trusted Certificates page
135
11. Configuring SSL/TLS Certificates
Mediant 3000
Advertisement
Table of Contents
