AudioCodes Mediant 3000 User Manual page 675

Enterprise session border controller / voip digital media gateway

User's Manual
53. Configuration Parameters Reference

Parameter:
Web: TLS Mutual Authentication
EMS: SIPS Require Client Certificate
[SIPSRequireClientCertificate]
Description:
Determines the device's behavior when acting as a server for TLS connections.
[0] Disable = (Default) The device does not request the client certificate.
[1] Enable = The device requires receipt and verification of the client certificate to establish the TLS connection.
Notes:
- For this parameter to take effect, a device reset is required.
- The SIPS certificate files can be changed using the parameters HTTPSCertFileName and HTTPSRootFileName.

Parameter:
Web/EMS: Peer Host Name Verification Mode
[PeerHostNameVerificationMode]
Description:
Determines whether the device verifies the Subject Name of a remote certificate when establishing TLS connections.
[0] Disable (default).
[1] Server Only = Verify Subject Name only when acting as a client for the TLS connection.
[2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
When a remote certificate is received and this parameter is not disabled, the value of SubjectAltName is compared with the list of available Proxies. If a match is found for any of the configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a DNS name (DNSName) or an IP address. If no match is found and the SubjectAltName is marked as 'critical', the TLS connection is not established. If DNSName is used, the certificate can also use wildcards ('*') to replace parts of the domain name.
If the SubjectAltName is not marked as 'critical' and there is no match, the CN value of the SubjectName field is compared with the parameter TLSRemoteSubjectName. If a match is found, the connection is established. Otherwise, the connection is terminated.
Note: If you set this parameter to [2] (Server & Client), for this functionality to operate, you also need to set the SIPSRequireClientCertificate parameter to [1] (Enable).

Parameter:
Web: TLS Client Verify Server Certificate
EMS: Verify Server Certificate
[VerifyServerCertificate]
Description:
Determines whether the device, when acting as a client for TLS connections, verifies the Server certificate. The certificate is verified with the Root CA information.
[0] Disable (default)
[1] Enable
Note: If Subject Name verification is necessary, the parameter PeerHostNameVerificationMode must be used as well.

Parameter:
Web: Strict Certificate Extension Validation
[RequireStrictCert]
Description:
Enables the validation of the extensions (keyUsage and extendedKeyUsage) of peer certificates. This validation ensures that the signing CA is authorized to sign certificates and that the end-entity certificate is authorized to negotiate a secure TLS connection.
[0] Disable (default)
[1] Enable

Parameter:
Web/EMS: TLS Remote Subject Name
[TLSRemoteSubjectName]
Description:
Defines the Subject Name that is compared with the name defined in the remote side certificate when establishing TLS connections.
If the SubjectAltName of the received certificate is not equal to any of the defined Proxies Host names/IP addresses and is not marked as 'critical',

Version 6.6
Mediant 3000
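
The name-check order described under PeerHostNameVerificationMode, modelled as an added example (not AudioCodes code) so the effect of each setting can be checked against sample certificates. The function names, the constructed certificates and proxy list, the one-label wildcard rule and the case-insensitive CN comparison are assumptions; certificate chain validation (VerifyServerCertificate) is outside this model.

```python
from dataclasses import dataclass, field

@dataclass
class PeerCert:                      # constructed stand-in for a parsed X.509 certificate
    cn: str                          # CN of the SubjectName field
    san: list = field(default_factory=list)   # DNSName / IP address entries
    san_critical: bool = False       # SubjectAltName marked 'critical'

def san_matches(entry, proxy):
    """Compare one SubjectAltName entry with one configured proxy name or IP."""
    entry, proxy = entry.lower(), proxy.lower()
    if entry.startswith("*."):
        # Assumption: '*' replaces exactly one leading label of the domain name.
        head, _, rest = proxy.partition(".")
        return bool(head) and rest == entry[2:]
    return entry == proxy

def check_peer_name(cert, role, mode, require_client_cert, proxies, remote_subject_name):
    """Return (accepted, reason). role is the device's own role: 'client' or 'server'."""
    if mode == 0:
        return True, "name check disabled"
    if role == "server":
        if mode != 2:
            return True, "mode 1 checks server certificates only"
        if not require_client_cert:  # SIPSRequireClientCertificate = 0
            return True, "no client certificate requested"
    if any(san_matches(e, p) for e in cert.san for p in proxies):
        return True, "SubjectAltName matches a proxy"
    if cert.san_critical:
        return False, "critical SubjectAltName, no match"
    # Fallback: CN against TLSRemoteSubjectName (an absent SAN is treated as non-critical).
    if remote_subject_name and cert.cn.lower() == remote_subject_name.lower():
        return True, "CN matches TLSRemoteSubjectName"
    return False, "no SubjectAltName or CN match"

# Constructed sample configuration and certificates.
PROXIES = ["sbc.example.com", "192.0.2.10"]
SUBJECT = "proxy.example.net"
wild = PeerCert(cn="x", san=["*.example.com"])
cn_only = PeerCert(cn="proxy.example.net", san=["other.example.org"])
critical = PeerCert(cn="proxy.example.net", san=["other.example.org"], san_critical=True)

if __name__ == "__main__":
    for cert in (wild, cn_only, critical):
        print(check_peer_name(cert, "client", 1, False, PROXIES, SUBJECT))
```

The cn_only case is the one to review on a deployed device: a certificate whose SubjectAltName matches no Proxy is still accepted when the SubjectAltName is not critical and its CN equals TLSRemoteSubjectName.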