AudioCodes Mediant 500L User Manual page 1046

Enterprise Session Border Controller (E-SBC) & Media Gateway

Parameter
    Description

(Parameter row continued from the previous page)
    [0] Disable (default).
    [1] Server Only = Verify Subject Name only when acting as a client for the TLS connection.
    [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
    If the device receives a certificate from a SIP entity (IP Group) and the parameter is configured to Server Only or Server & Client, it attempts to authenticate the certificate based on the certificate's address.
    The device searches for a Proxy Set that contains the same address (IP address or FQDN) as that specified in the certificate's SubjectAltName (Subject Alternative Names). For Proxy Sets with an FQDN, the device checks the FQDN itself and not the DNS-resolved IP addresses. If a Proxy Set is found with a matching address, the device establishes a TLS connection.
    If a matching Proxy Set is not found, one of the following occurs:
    - If the certificate's SubjectAltName is marked as "critical", the device rejects the call.
    - If the SubjectAltName is not marked as "critical", the device checks if the FQDN in the certificate's Common Name (CN) of the SubjectName is the same as that configured for the TLSRemoteSubjectName parameter or for the Proxy Set. If they are the same, the device establishes a TLS connection; otherwise, the device rejects the call.
    Note:
    - If you configure the parameter to Server & Client, you also need to configure the SIPSRequireClientCertificate parameter to Enable.
    - For FQDN, the certificate may use wildcards (*) to replace parts of the domain name.

TLS Client Verify Server Certificate
configure network/security-settings/tls-vrfy-srvr-cert
[VerifyServerCertificate]
    Determines whether the device, when acting as a client for TLS connections, verifies the Server certificate. The certificate is verified with the Root CA information.
    [0] Disable (default)
    [1] Enable
    Note: If Subject Name verification is necessary, the parameter PeerHostNameVerificationMode must be used as well.

TLS Remote Subject Name
configure network/security-settings/tls-rmt-subs-name
[TLSRemoteSubjectName]
    Defines the Subject Name that is compared with the name defined in the remote side certificate when establishing TLS connections.
    If the SubjectAltName of the received certificate is not equal to any of the defined Proxies Host names/IP addresses and is not marked as 'critical', the Common Name (CN) of the Subject field is compared with this value. If not equal, the TLS connection is not established. If the CN uses a domain name, the certificate can also use wildcards ('*') to replace parts of the domain name.
    The valid range is a string of up to 49 characters.
    Note: The parameter is applicable only if the parameter PeerHostNameVerificationMode is set to 1 or 2.

TLS Expiry Check Start
expiry-check-start
    Defines the number of days before the installed TLS server certificate is to expire at which the device must send a trap
Document #: LTRT-10532
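
The order of checks described above for Subject Name verification (SubjectAltName against the Proxy Set addresses, rejection when a non-matching SubjectAltName is critical, then the Common Name fallback) can be modelled as follows. This is an added example, not code from the AudioCodes manual or device; the function names, the dictionary shape used for a certificate and the rule that "*" replaces exactly one DNS label are assumptions.

```python
import ipaddress

# Added illustration of the documented decision order; not AudioCodes code.
# Assumption: "*" replaces exactly one DNS label (the page does not say).
DISABLE, SERVER_ONLY, SERVER_AND_CLIENT = 0, 1, 2  # option values [0]/[1]/[2]


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(cert_name, configured):
    """Compare a certificate name (may contain '*') with a configured address."""
    if is_ip(cert_name) or is_ip(configured):
        return (is_ip(cert_name) and is_ip(configured) and
                ipaddress.ip_address(cert_name) == ipaddress.ip_address(configured))
    p = cert_name.lower().rstrip(".").split(".")
    c = configured.lower().rstrip(".").split(".")
    return len(p) == len(c) and all(a == "*" or a == b for a, b in zip(p, c))


def accept_peer(mode, acting_as_client, cert, proxy_addrs, remote_subject_name=""):
    """Return (accepted, reason); cert is a dict with san, san_critical, cn."""
    if mode == DISABLE or (mode == SERVER_ONLY and not acting_as_client):
        return True, "subject name not verified"
    # 1. SubjectAltName vs. Proxy Set addresses; FQDNs compared as configured,
    #    never via DNS-resolved IP addresses.
    for san in cert["san"]:
        if any(name_matches(san, addr) for addr in proxy_addrs):
            return True, "SubjectAltName matches Proxy Set"
    # 2. No match and the SubjectAltName is marked critical: reject.
    if cert["san_critical"]:
        return False, "critical SubjectAltName, no Proxy Set match"
    # 3. Otherwise fall back to CN vs. TLSRemoteSubjectName or the Proxy Set.
    candidates = [remote_subject_name, *proxy_addrs]
    if any(c and name_matches(cert["cn"], c) for c in candidates):
        return True, "CN matches configured name"
    return False, "no name matched"


# Constructed sample: SAN names another host, CN matches TLSRemoteSubjectName.
PROXY = ["sbc1.example.com", "192.0.2.10"]
cert = {"san": ["edge.example.net"], "san_critical": False, "cn": "*.example.com"}
if __name__ == "__main__":
    print(accept_peer(SERVER_AND_CLIENT, True, cert, PROXY, "sip.example.com"))
    print(accept_peer(SERVER_AND_CLIENT, True, {**cert, "san_critical": True},
                      PROXY, "sip.example.com"))
```

The two sample calls differ only in the critical flag: the first certificate is accepted through the Common Name fallback even though its SubjectAltName names a different host, and the second is rejected.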
