Creating Self-Signed Certificates For Tls Contexts - AudioCodes E-SBC User Manual

CHAPTER 14 Security
4. From the 'Private Key Size' drop-down list, select the desired private key size (in bits) for RSA
public-key encryption for newly self-signed generated keys:
● 512
● 768
● 1024 (default)
● 2048
● 4096
5. (Optional) In the 'Private key pass-phrase' field, enter a password (passphrase) to encrypt the
private key file. If you don't want to encrypt the file, make the field blank. The default
passphrase is "audc". The passphrase can be up to 32 characters.
6. Click Generate Private-Key; a message appears requesting you to confirm key generation.
7. Click OK to confirm key generation; the device generates a new private key, indicated by a
message in the Certificate Signing Request group:
8. Continue with the certificate configuration by either creating a CSR or generating a new self-
signed certificate.
9. Save the configuration with a device reset for the new certificate to take effect.

Creating Self-Signed Certificates for TLS Contexts

You can assign a certificate that is digitally signed by the device itself to a TLS Context (i.e., self-
signed certificate). In other words, the device acts as a CA. The Issuer (e.g., "Issuer: CN=ACL_
5967925") and Subject (e.g., " Subject: CN=ACL_5967925") fields of the self-signed certificate
have the same value.
●
You can configure each TLS Context with the following:
➢
To assign a self-signed certificate to a TLS Context:
1. Before you begin, make sure of the following:
● You have a unique DNS name for the device (e.g., dns_name.corp.customer.com). The
name is used to access the device and therefore, must be listed in the server certificate.
● No traffic is running on the device. The certificate generation process is disruptive to traffic
and should be done during maintenance time.
2. Open the TLS Contexts table (see
3. In the table, select the required TLS Context index row, and then click the Change Certificate
link located below the table; the Change Certificates page appears.
The device is shipped with a default TLS Context (Index 0 and named "default"),
which includes a self-generated random private key and a self-signed server
certificate. The Common Name (CN or subject name) of the default certificate is
"ACL_nnnnnnn", where nnnnnnn denotes the serial number of the device. If this
default self-signed certificate is about to expire (less than a day), the device
automatically re-generates a new self-signed certificate.
Mediant 1000 Gateway & E-SBC | User's Manual
Configuring TLS Certificate
- 132 -
Contexts).