AudioCodes Mediant 500 E-SBC User Manual page 731

Enterprise session border controller digital voip media gateway

User's Manual
54. Configuration Parameters Reference
Mediant 500 E-SBC, Version 6.8

Description (continued):
parameter is not disabled, the IP address from which the certificate is received is compared with the addresses defined for the Proxy Sets. If no Proxy Set with the source address is found, the connection is refused. Otherwise, the value of the SubjectAltName field in the certificate is compared with the addresses/DNS names of the classified Proxy Set. If a match is found for any of the configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a DNS name (DNSName) or an IP address. If no match is found and the SubjectAltName is marked as 'critical', the TLS connection is not established. If DNSName is used, the certificate can also use wildcards ('*') to replace parts of the domain name.
If the SubjectAltName is not marked as 'critical' and there is no match, the CN value of the SubjectName field is compared with the parameter TLSRemoteSubjectName. If a match is found, the connection is established. Otherwise, the connection is terminated.
Note: If you set this parameter to [2] (Server & Client), for this functionality to operate, you also need to set the SIPSRequireClientCertificate parameter to [1] (Enable).

Parameter:
Web: TLS Client Verify Server Certificate
EMS: Verify Server Certificate
CLI: tls-vrfy-srvr-cert
[VerifyServerCertificate]
Description:
Determines whether the device, when acting as a client for TLS connections, verifies the Server certificate. The certificate is verified with the Root CA information.
[0] Disable (default)
[1] Enable
Note: If Subject Name verification is necessary, the parameter PeerHostNameVerificationMode must be used as well.

Parameter:
Web: Strict Certificate Extension Validation
CLI: require-strict-cert
[RequireStrictCert]
Description:
Enables the validation of the extensions (keyUsage and extendedKeyUsage) of peer certificates. This validation ensures that the signing CA is authorized to sign certificates and that the end-entity certificate is authorized to negotiate a secure TLS connection.
[0] Disable (default)
[1] Enable

Parameter:
Web/EMS: TLS Remote Subject Name
CLI: tls-rmt-subs-name
[TLSRemoteSubjectName]
Description:
Defines the Subject Name that is compared with the name defined in the remote side certificate when establishing TLS connections.
If the SubjectAltName of the received certificate is not equal to any of the defined Proxies' host names/IP addresses and is not marked as 'critical', the Common Name (CN) of the Subject field is compared with this value. If not equal, the TLS connection is not established. If the CN uses a domain name, the certificate can also use wildcards ('*') to replace parts of the domain name.
The valid range is a string of up to 49 characters.
Note: This parameter is applicable only if the parameter PeerHostNameVerificationMode is set to 1 or 2.
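
The order of checks given in the continued description and under TLSRemoteSubjectName, written out as a Python model. This is an added illustration, not AudioCodes code: the ProxySet and PeerCert classes, the function names, the sample values and the one-label reading of '*' are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class ProxySet:            # hypothetical model of one configured Proxy Set
    ips: frozenset         # proxy IP addresses (DNS names assumed already resolved)
    dns_names: frozenset   # proxy host names as configured

@dataclass
class PeerCert:            # only the certificate fields the description uses
    san: tuple             # SubjectAltName values (DNSName or IP address)
    san_critical: bool     # SubjectAltName extension marked 'critical'
    cn: str                # CN of the SubjectName field

def _ip(value):
    """Return a parsed IP address, or None when value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def name_matches(cert_name, configured):
    # Assumption: '*' in the certificate name replaces exactly one DNS label;
    # the manual says only that it can replace "parts of the domain name".
    c, k = cert_name.lower().split("."), configured.lower().split(".")
    return len(c) == len(k) and all(a in ("*", b) for a, b in zip(c, k))

def verify_peer(source_ip, cert, proxy_sets, tls_remote_subject_name):
    """Return (accepted, reason), applying the checks in the documented order."""
    src = _ip(source_ip)
    ps = next((p for p in proxy_sets if src in map(_ip, p.ips)), None)
    if ps is None:
        return False, "no Proxy Set with the source address"
    for entry in cert.san:
        ip = _ip(entry)
        if ip is not None and ip in map(_ip, ps.ips):
            return True, "SubjectAltName matches Proxy Set"
        if ip is None and any(name_matches(entry, n) for n in ps.dns_names):
            return True, "SubjectAltName matches Proxy Set"
    if cert.san_critical:
        return False, "critical SubjectAltName without match"
    if tls_remote_subject_name and name_matches(cert.cn, tls_remote_subject_name):
        return True, "CN matches TLSRemoteSubjectName"
    return False, "CN does not match TLSRemoteSubjectName"

if __name__ == "__main__":   # constructed sample values
    sets = [ProxySet(frozenset({"192.0.2.10"}), frozenset({"sbc1.example.com"}))]
    cert = PeerCert(("*.example.com",), False, "unused")
    print(verify_peer("192.0.2.10", cert, sets, ""))
```

The model makes the fallback visible: a certificate whose SubjectAltName does not match is still accepted on its CN unless the SubjectAltName extension is marked 'critical'.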
