Configuring Upstream Groups - AudioCodes E-SBC User Manual
Hide thumbs
Also See for E-SBC:
- User manual (1482 pages) ,
- Hardware installation manual (39 pages) ,
- User manual (887 pages)
Table of Contents
Advertisement
CHAPTER 16 Services
Parameter
'Upstream Side SSL'
upstream-use-ssl
[TcpUdpServer_
UpstreamUseSSL]
'Upstream TLS Context'
upstream-tls-
context
[TcpUdpServer_
UpstreamTLSContext]
'Upstream Verify
Certificate'
upstream-verify-
cert
[TcpUdpServer_
UpstreamVerifyCertificate]
Configuring Upstream Groups
The Upstream Groups table lets you configure up to 10 Upstream Groups. Once configured, you
can configure Upstream Hosts for the Upstream Group (see
page 270).
Mediant 1000 Gateway & E-SBC | User's Manual
Note:
■
The parameter is mandatory.
■
The NGINX directive for this parameter is "proxy_bind".
Enables SSL for securing connection requests with the
Upstream Group.
■
[0] Disable (default)
■
[1] Enable
Note:
■
If configured to Enable, you must assign a TLS Context (see
the 'Upstream TLS Context' parameter below).
■
The NGINX directive for this parameter is "proxy_ssl on".
Assigns a TLS Context for the TLS connection with the HTTP
location. To configure TLS Contexts, see
Certificate Contexts
on page 123.
Note:
■
The parameter is applicable only if the 'Upstream Side SSL'
parameter is configured to Enable (see above).
■
The NGINX directives for this parameter are "proxy_ssl_
certificate", "proxy_ssl_certificate_key", "proxy_ssl_
ciphers", "proxy_ssl_protocols", and "proxy_ssl_password_
file".
Enables TLS certificate verification of the Upstream Host on
outgoing connection requests to the Upstream Group, when the
connection is SSL.
■
[0] No = (Default) No certificate verification is done.
■
[1] Yes = The device verifies the authentication of the
certificate received from the host. The device authenticates
the certificate against the trusted root certificate store
associated with the assigned TLS Context (see 'Upstream
TLS Context' parameter above) and if ok, allows
communication with the host. If authentication fails, the
device denies communication (i.e., handshake fails). The
device can also authenticate the certificate by querying with
an Online Certificate Status Protocol (OCSP) server whether
the certificate has been revoked. This is also configured for
the associated TLS Context.
Note:
■
The parameter is applicable only if the 'Upstream Side SSL'
parameter is configured to Enable (see above).
■
The NGINX directive for this parameter is "proxy_ssl_
verify".
- 268 -
Description
Configuring TLS
Configuring Upstream Hosts
on
- Quick Links:
- Default Ip Address
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
