Configuring Tls Server Certificate Expiry Check - AudioCodes Mediant 800B User Manual
Gateway & e-sbc
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
User's Manual
2.
In the TLS Contexts table (see 'Configuring TLS Certificate Contexts' on page 103),
select the required TLS Context row, and then click the Trusted Root Certificates
link located below the table; the Trusted Certificates table appears.
3.
Click the Import button, and then select the certificate file.
4.
Wait until the import operation finishes successfully.
5.
On the Web Settings page, configure the 'Require Client Certificates for HTTPS
connection' parameter to Enable.
6.
Reset the device with a save-to-flash for your settings to take effect.
When a user connects to the secured Web interface of the device:
If the user has a client certificate from a CA that is listed in the Trusted Root Certificate
file, the connection is accepted and the user is prompted for the system password.
If both the CA certificate and the client certificate appear in the Trusted Root
Certificate file, the user is not prompted for a password (thus, providing a single-sign-
on experience - the authentication is performed using the X.509 digital signature).
If the user does not have a client certificate from a listed CA or does not have a client
certificate, the connection is rejected.
Note:
•
The process of installing a client certificate on your PC is beyond the scope of this
document. For more information, refer to your operating system documentation
and/or consult with your security administrator.
•
The root certificate can also be loaded through the device's Automatic
Provisioning mechanism, using the HTTPSRootFileName ini file parameter.
•
You can enable the device to check whether a peer's certificate has been revoked
by an OCSP server per TLS Context (see 'Configuring TLS Certificate Contexts'
on page 103).
10.9
Configuring TLS Server Certificate Expiry Check
You can configure the TLS Server Certificate Expiry Check feature per TLS Context,
whereby the device periodically checks the validation date of installed TLS server
certificates. You can also configure the device to send a notification SNMP trap event
(acCertificateExpiryNotification) at a user-defined number of days before the installed TLS
server certificate is to expire. The trap indicates the TLS Context to which the certificate
belongs.
To configure TLS certificate expiry checks and notification:
1.
Open the TLS Contexts table (see 'Configuring TLS Certificate Contexts' on page
103).
2.
Select the required TLS Context index row, and then click the Change Certificate link
located below the table; the Context Certificates page appears.
Version 7.2
10. Configuring SSL/TLS Certificates
117
Mediant 800B Gateway & E-SBC
Advertisement
Table of Contents
