AudioCodes Mediant 2000 User Manual page 88
Media gateway
Hide thumbs
Also See for Mediant 2000:
- User manual (702 pages) ,
- Installation manual (44 pages) ,
- Hardware installation manual (30 pages)
Table of Contents
Advertisement
4.
When
HTTPSRequireClientCertificates to 1.
5.
Save the configuration (refer to ''
the device.
When a user connects to the secured Web server:
If the user has a client certificate from a CA that is listed in the Trusted Root Certificate
file, the connection is accepted and the user is prompted for the system password.
If both the CA certificate and the client certificate appear in the Trusted Root Certificate
file, the user is not prompted for a password (thus, providing a single-sign-on
experience - the authentication is performed using the X.509 digital signature).
If the user doesn't have a client certificate from a listed CA, or doesn't have a client
certificate at all, the connection is rejected.
Notes:
3.3.6.4.3 Self-Signed Certificates
The device is shipped with an operational, self-signed server certificate. The subject name
for this default certificate is 'ACL_nnnnnnn', where nnnnnnn denotes the serial number of
the device. However, this subject name may not be appropriate for production and can be
changed while still using self-signed certificates.
To change the subject name and regenerate the self-signed certificate:
1.
Before you begin, ensure the following:
•
You have a unique DNS name for the device (e.g.,
dns_name.corp.customer.com). This name is used to access the device and
should therefore, be listed in the server certificate.
•
No traffic is running on the device. The certificate generation process is disruptive
to traffic and should be executed during maintenance time.
2.
Open the 'Certificates' page (refer to ''Server Certificate Replacement''
3.
In the 'Subject Name' field, enter the fully-qualified DNS name (FQDN) as the
certificate subject, and then click Generate Self-signed
message appears displaying the new subject name.
4.
Save configuration (refer to ''
device for the new certificate to take effect.
SIP User's Manual
the
operation
is
•
The process of installing a client certificate on your PC is beyond the
scope of this document. For more information, refer to your Web browser
or operating system documentation, and/or consult your security
administrator.
•
The root certificate can also be loaded via ini
HTTPSRootFileName.
•
You can enable Online Certificate Status Protocol (OCSP) on the device
to check whether a peer's certificate has been revoked by an OCSP
server. For further information, refer to the
Saving Configuration''
complete,
set
the
Saving Configuration''
on page
Product Reference Manual .
on page
88
Mediant 2000
ini
file
parameter
173
), and then restart
file using the parameter
on page
85
; after a few seconds, a
173
), and then restart the
Document #: LTRT-68809
).
Advertisement
Table of Contents
Troubleshooting
