CHAPTER 14 Security
Mediant 4000 SBC | User's Manual

| Parameter | Description |
|---|---|
| [TLSContexts_OcspServerSecondary] | |
| 'OCSP Port' ocsp-port [TLSContexts_OcspServerPort] | Defines the OCSP server's TCP port number. The default port is 2560. |
| 'OCSP Default Response' ocsp-default-response [TLSContexts_OcspDefaultResponse] | Determines whether the device allows or rejects peer certificates if it cannot connect to the OCSP server. ■ [0] Reject (default) ■ [1] Allow |

Assigning CSR-based Certificates to TLS Contexts

You can request a digitally signed certificate from a Certification Authority (CA) for a TLS Context. This process is referred to as a certificate signing request (CSR) and is required if your organization employs a Public Key Infrastructure (PKI) system. The CSR contains information identifying the device such as a Distinguished Name (DN) and/or subject alternative names in the case of an X.509 certificate.

➢ To assign a CSR-based certificate to a TLS Context:

1. Open the TLS Contexts table (see Configuring TLS Certificate Contexts).
2. In the table, select the required TLS Context, and then click the Change Certificate link located below the table; the Change Certificates page appears.
3. Under the Certificate Signing Request group, fill in the following information:
   a. Distinguished Name (DN) fields (uniquely identifies the device):
      ◆ In the 'Common Name [CN]' field, enter the common name.
      ◆ (Optional) In the 'Organizational Unit [OU]' field, enter the section of the organization.
      ◆ (Optional) In the 'Company name [O]' field, enter the legal name of your organization.
      ◆ (Optional) In the 'Locality or city name [L]' field, enter the city where your organization is located.
      ◆ (Optional) In the 'State [ST]' field, enter the state or province where your organization is located.
      ◆ (Optional) In the 'Country code [C]' field, enter the two-letter ISO abbreviation for your country.
   b. If you want to generate a CSR for SAN (with multiple subject alternative names), then from the 'Subject Alternative Name [SAN]' drop-down list, select the type of SAN (e-mail address, DNS hostname, URI, or IP address), and then enter the relevant value. You can configure multiple SAN names, using the 1st to 5th 'Subject Alternative Name [SAN]' fields.
   c. From the 'Signature Algorithm' drop-down list, select the hash function algorithm (SHA-1, SHA-256, or SHA-512) with which to sign the certificate.

   ● Fill in the fields according to your security provider's instructions.
   ● If you leave the 'Common Name [CN]' field empty, the device generates the CSR with the default Common Name (CN=ACL_<6-digit serial number of device>).
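Before a CSR built from the fields in step 3 is sent to the CA, it can be checked offline for the choices this procedure leaves open. The Go program below is an added example, not AudioCodes code: it flags a SHA-1 signature (deprecated for certificate signing), the default ACL_<serial> Common Name, a request with no SAN entries, and a self-signature that fails to verify. The names AuditCSR and SampleCSR, the finding strings, and the sample request (built with a throwaway key, not device output) are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"regexp"
)

var defaultCN = regexp.MustCompile(`^ACL_[0-9]{6}$`) // CN used when 'Common Name [CN]' is left empty

// AuditCSR lists issues in a DER-encoded CSR (decode PEM with encoding/pem first).
func AuditCSR(der []byte) (f []string, err error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	if csr.CheckSignature() != nil { // request was altered or truncated in transit
		f = append(f, "self-signature does not verify")
	}
	if a := csr.SignatureAlgorithm; a == x509.SHA1WithRSA || a == x509.ECDSAWithSHA1 {
		f = append(f, "signed with SHA-1")
	}
	if defaultCN.MatchString(csr.Subject.CommonName) {
		f = append(f, "default device CN")
	}
	if len(csr.DNSNames)+len(csr.IPAddresses)+len(csr.URIs)+len(csr.EmailAddresses) == 0 {
		f = append(f, "no SAN entries")
	}
	return f, nil
}

// SampleCSR builds a constructed CSR with a throwaway P-256 key (not device output).
func SampleCSR(cn string, alg x509.SignatureAlgorithm, dns ...string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, SignatureAlgorithm: alg, DNSNames: dns}
	return x509.CreateCertificateRequest(rand.Reader, t, key)
}

func main() {
	weak, _ := SampleCSR("ACL_123456", x509.ECDSAWithSHA1)
	fmt.Println(AuditCSR(weak))
}
```

An empty result means none of the four checks fired; it does not replace the CA's own validation of the request.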