AudioCodes Mediant 4000 SBC User Manual page 844

Session border controller
Parameter: TLS Mutual Authentication [SIPSRequireClientCertificate]

Description: Defines the device's mode of operation regarding mutual authentication and certificate verification for TLS connections.
  [0] Disable = (Default)
    - Device acts as a client: Verification of the server's certificate depends on the VerifyServerCertificate parameter.
    - Device acts as a server: The device does not request the client certificate.
  [1] Enable =
    - Device acts as a client: Verification of the server certificate is required to establish the TLS connection.
    - Device acts as a server: The device requires the receipt and verification of the client certificate to establish the TLS connection.
Note:
  - For the parameter to take effect, a device reset is required.
  - This feature can be configured per SIP Interface (see "Configuring SIP Interfaces" on page 341).
  - The SIPS certificate files can be changed using the parameters HTTPSCertFileName and HTTPSRootFileName.

Parameter: Peer Host Name Verification Mode [PeerHostNameVerificationMode]

Description: Enables the device to verify the Subject Name of a TLS certificate received from SIP entities for authentication and establishing TLS connections.
  [0] Disable (default).
  [1] Server Only = Verify Subject Name only when acting as a client for the TLS connection.
  [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
If the device receives a certificate from a SIP entity (IP Group) and the parameter is configured to Server Only or Server & Client, it attempts to authenticate the certificate based on the certificate's address.
The device searches for a Proxy Set that contains the same address (IP address or FQDN) as that specified in the certificate's SubjectAltName (Subject Alternative Names). For Proxy Sets with an FQDN, the device checks the FQDN itself and not the DNS-resolved IP addresses. If a Proxy Set is found with a matching address, the device establishes a TLS connection.
If a matching Proxy Set is not found, one of the following occurs:
  - If the certificate's SubjectAltName is marked as "critical", the device rejects the call.
  - If the SubjectAltName is not marked as "critical", the device checks if the FQDN in the certificate's Common Name (CN) of the SubjectName is the same as that configured for the TLSRemoteSubjectName parameter or for the Proxy Set. If they are the same, the device establishes a TLS connection; otherwise, the device rejects the call.
Note:
  - If you configure the parameter to Server & Client, you also need to configure the SIPSRequireClientCertificate parameter to Enable.
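
The decision flow described for PeerHostNameVerificationMode, modelled as an added Python example (not AudioCodes code and not part of the manual) so the accept/reject outcome for a given certificate can be checked against a planned Proxy Set configuration. The PeerCert class, the verify_peer function, case-insensitive name comparison, and matching the Common Name against any Proxy Set address are assumptions of this model; all sample names and addresses are constructed.

```python
# Model of the documented decision flow; not AudioCodes code.
from dataclasses import dataclass, field

DISABLE, SERVER_ONLY, SERVER_AND_CLIENT = 0, 1, 2  # PeerHostNameVerificationMode values

@dataclass
class PeerCert:
    """Constructed stand-in for the fields of a parsed peer certificate."""
    common_name: str = ""
    san: list = field(default_factory=list)   # SubjectAltName entries (IP or FQDN)
    san_critical: bool = False                # extension marked "critical"

def _norm(name):
    # Assumption: names compare case-insensitively, ignoring a trailing dot.
    return name.strip().rstrip(".").lower()

def verify_peer(cert, proxy_sets, mode, device_role, tls_remote_subject_name=""):
    """Return (accepted, reason). proxy_sets maps a Proxy Set name to its
    configured addresses; device_role is "client" or "server"."""
    if mode == DISABLE or (mode == SERVER_ONLY and device_role != "client"):
        return True, "Subject Name not verified in this mode/role"
    configured = {_norm(a) for addrs in proxy_sets.values() for a in addrs}
    # 1. SubjectAltName against Proxy Set addresses. FQDNs are compared as
    #    configured strings; nothing is resolved through DNS.
    if any(_norm(entry) in configured for entry in cert.san):
        return True, "SubjectAltName matches a Proxy Set address"
    # 2. No match and the extension is critical: reject, no CN fallback.
    if cert.san_critical:
        return False, "critical SubjectAltName matches no Proxy Set"
    # 3. Non-critical: fall back to the Common Name.
    cn = _norm(cert.common_name)
    if cn and (cn == _norm(tls_remote_subject_name) or cn in configured):
        return True, "Common Name matches TLSRemoteSubjectName or a Proxy Set"
    return False, "no SubjectAltName or Common Name match"

if __name__ == "__main__":
    # Constructed sample data (documentation-reserved names and addresses).
    proxy_sets = {"ITSP": ["sip.itsp.example"], "PBX": ["192.0.2.10"]}
    samples = [
        PeerCert("sip.itsp.example", ["SIP.ITSP.example"]),
        PeerCert("pbx.example", ["198.51.100.7"]),   # an IP, while the Proxy Set holds an FQDN
        PeerCert("trusted.example", ["other.example"], san_critical=True),
        PeerCert("trusted.example", ["other.example"]),
    ]
    for c in samples:
        print(c, verify_peer(c, proxy_sets, SERVER_AND_CLIENT, "server", "trusted.example"))
```

The third and fourth samples differ only in the "critical" flag: the same certificate is rejected when SubjectAltName is critical and accepted through the Common Name fallback when it is not.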
Document #: LTRT-40203

This manual is also suitable for:

Mediant 4000b sbc