Assigning Csr-Based Certificates To Tls Contexts - AudioCodes Mediant 800 User Manual

CHAPTER 14 Security
Parameter
'Secondary OCSP Server'
ocsp-server-secondary
[TLSContexts_
OcspServerSecondary]
'OCSP Port'
ocsp-port
[TLSContexts_
OcspServerPort]
'OCSP Default Response'
ocsp-default-response
[TLSContexts_
OcspDefaultResponse]

Assigning CSR-based Certificates to TLS Contexts

You can request a digitally signed certificate from a Certification Authority (CA) for a TLS Context.
This process is referred to as a certificate signing request (CSR) and is required if your organization
employs a Public Key Infrastructure (PKI) system. The CSR contains information identifying the
device such as a Distinguished Name (DN) and/or subject alternative names in the case of an
X.509 certificate.
➢
To assign a CSR-based certificate to a TLS Context:
1. Open the TLS Contexts table (see
2. In the table, select the required TLS Context, and then click the Change Certificate link
located below the table; the Change Certificates page appears.
3. Under the Certificate Signing Request group, fill in the following information:
a. Distinguished Name (DN) fields (uniquely identifies the device):
◆
◆
◆
◆
◆
◆
b. If you want to generate a CSR for SAN (with multiple subject alternate names), then from
the 'Subject Alternative Name [SAN]' drop-down list, select the type of SAN (e-mail
address, DNS hostname, URI, or IP address), and then enter the relevant value. You can
configure multiple SAN names, using the 1st to 5th 'Subject Alternative Name [SAN]'
fields.
c. From the 'Signature Algorithm' drop-down list, select the hash function algorithm (SHA-1,
SHA-256, or SHA-512) with which to sign the certificate.
Defines the IP address (in dotted-decimal notation) of the
secondary OCSP server (optional).
The default is 0.0.0.0.
Defines the OCSP server's TCP port number.
The default port is 2560.
Determines whether the device allows or rejects peer
certificates if it cannot connect to the OCSP server.
■
■
In the 'Common Name [CN]' field, enter the common name.
(Optional) In the 'Organizational Unit [OU]' field, enter the section of the organization.
(Optional) In the ' Company name [O]' field, enter the legal name of your organization.
(Optional) In the 'Locality or city name [L]' field, enter the city where your organization
is located.
(Optional) In the ' State [ST]' field, enter the state or province where your organization
is located.
(Optional) In the ' Country code [C]' field, enter the two-letter ISO abbreviation for your
country.
Mediant 800 Gateway & E-SBC | User's Manual
Description
[0] Reject (default)
[1] Allow
Configuring TLS Certificate
- 130 -
Contexts).