Security; Configuring SSL/TLS Certificates; Configuring TLS Certificate Contexts - AudioCodes Mediant 4000 SBC User Manual


CHAPTER 14    Security

This section describes the VoIP security-related configuration.

Configuring SSL/TLS Certificates

The TLS Contexts table lets you configure X.509 certificates which are used for secure
management of the device, secure SIP transactions, and other security applications.

Configuring TLS Certificate Contexts

The TLS Contexts table lets you configure up to 100 TLS certificates, referred to as TLS Contexts.
Transport Layer Security (TLS), also known as Secure Sockets Layer (SSL), can be used to
secure the device's SIP signaling connections (SIP over TLS, or SIPS), Web (HTTPS) sessions,
Telnet sessions and SSH sessions. The TLS/SSL protocol provides confidentiality, integrity, and
authenticity between two communicating applications over TCP/IP.

The device is shipped with a default TLS Context (Index 0 and named "default"), which includes a
self-generated random private key and a self-signed server certificate. The Common Name (CN or
subject name) of the default certificate is "ACL_nnnnnnn", where nnnnnnn denotes the serial
number of the device. If this default self-signed certificate is about to expire (less than a day
remaining), the device automatically generates a new self-signed certificate.

You can configure each TLS Context with the following:
- TLS version (SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2)
- DTLS version (DTLS 1.0 and DTLS 1.2)
- TLS cipher suites for server and client roles (per OpenSSL syntax)
- DH key size that is used by the device if it acts as a TLS server and DH is used for key
  exchange
- TLS certificate expiry check, whereby the device periodically checks the validity date of the
  installed TLS server certificates and sends an SNMP trap event if a certificate is nearing
  expiry. To configure TLS certificate expiry check, see Configuring TLS Server Certificate
  Expiry Check.

- The device is already shipped with an active, default TLS setup (TLS Context ID 0,
  named "default"). Therefore, configure certificates only if required.
- Since X.509 certificates have an expiration date and time, you must configure the
  device to use Network Time Protocol (NTP) to obtain the current date and time
  from an NTP server. Without the correct date and time, client certificates cannot
  work. To configure NTP, see Configuring Automatic Date and Time using SNTP.
- Only Base64 (PEM) encoded X.509 certificates can be loaded to the device.
- The default TLS Context cannot be deleted.
- The default TLS Context can be used for SIPS or any other supported application
  such as Web (HTTPS), Telnet, and SSH.
- If you configure new TLS Contexts, they can be used only for SIPS.
- If a TLS Context for an existing TLS connection is changed during the call by the
  user agent, the device ends the connection.
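
An added example (not from the AudioCodes manual): a workstation-side audit of planned TLS Context settings before they are entered in the table, using Python's ssl module to expand the OpenSSL-syntax cipher strings into the suites they select. The dictionary keys, the 2048-bit DH floor and the sample values are assumptions, and the expansion reflects the local OpenSSL build, not the device's.

```python
import ssl

# SSL 3.0 is deprecated by RFC 7568; TLS 1.0, TLS 1.1 and DTLS 1.0 by RFC 8996.
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1", "DTLS 1.0"}
MIN_DH_BITS = 2048  # assumed policy floor, not a value from the manual

def expand_cipher_string(cipher_string):
    """Return the suites (TLS 1.2 and earlier) an OpenSSL cipher string selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:  # the string matches no suite in this OpenSSL build
        return []
    # OpenSSL lists its TLS 1.3 suites regardless of the string; the manual's
    # version list stops at TLS 1.2, so drop them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]

def audit_context(cfg):
    """Return findings for one planned TLS Context (hypothetical dict layout)."""
    findings = [f"deprecated protocol enabled: {v}"
                for v in cfg["versions"] if v in DEPRECATED]
    if cfg["dh_key_size"] < MIN_DH_BITS:
        findings.append(f"DH key size {cfg['dh_key_size']} is below {MIN_DH_BITS} bits")
    for role in ("server_ciphers", "client_ciphers"):
        suites = expand_cipher_string(cfg[role])
        if not suites:
            findings.append(f"{role}: string selects no suite in this OpenSSL build")
        for s in suites:
            forward_secret = (s.get("kea") or "").startswith(("kx-ecdhe", "kx-dhe"))
            if not (s.get("aead") and forward_secret):
                findings.append(f"{role}: {s['name']} lacks AEAD or forward secrecy")
    return findings

# Constructed sample contexts; the keys are hypothetical, not device parameter names.
WEAK = {"versions": ["SSL 3.0", "TLS 1.0", "TLS 1.2"], "dh_key_size": 1024,
        "server_ciphers": "AES128-SHA", "client_ciphers": "AES128-SHA:AES256-SHA"}
HARDENED = {"versions": ["TLS 1.2"], "dh_key_size": 2048,
            "server_ciphers": "ECDHE+AESGCM", "client_ciphers": "ECDHE+AESGCM"}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_context(cfg) or "no findings")
```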
