Data Security
HTTPS requires two actions by the user:
•
Both the Media Gateway and the PC on which the Web browser used to connect to the Media
Gateway via HTTPS is running must be configured with the proper certificate.
•
When accessing the Media Gateway, use https:// instead of the non-secure http:// followed by
the Media Gateway's URL.
This section includes the following information about HTTP security:
HTTPS Certificate Configuration
•
HTTPS Example
•
7.2.1
HTTPS Certificate Configuration
An HTTPS certificate can be either self-signed or certificate authority (CA) signed. A self-signed
certificate can be generated by the Media Gateway. CA signed certificates must be requested by the
Media Gateway and then signed by a CA.
When using a self-signed certificate:
The Media Gateway generates a self-signed public key certificate.
•
•
This certificate is then exported and downloaded from the Media Gateway to a PC via HTTP
(or HTTPS if already active).
•
The certificate is then configured into the Windows
used to connect to the Media Gateway.
From this PC, the user logs on to the Media Gateway using the https://[URL].
•
•
HTTPS is then automatically used when accessing all subsequent Web pages.
When using a CA signed certificate:
•
The Media Gateway generates a certificate signature request (CSR).
•
The CSR is exported from the Media Gateway to a PC via HTTP (or HTTPS if already active).
•
The CSR is used by the CA to create a signed certificate.
The CA signed certificate is uploaded to the Media Gateway.
•
•
The root certificate of the CA that signed the CSR is configured into the PC running the Web
browser used to connect to the Media Gateway via HTTPS.
•
The user logs into the Media Gateway by going to https://[URL]
HTTPS is automatically used when accessing all the subsequent Web pages
•
The choice of either self-signed or CA-signed certificates depends on the system administration
and the desired level of trust within the system. Self-signed certificates are generated by the Media
Gateway and therefore do not cost any money - and may require less time to install. A self-signed
certificate is simply downloaded from the gateway and installed on the PC running the Web
browser used to connect to the Media Gateway via HTTPS.
However, when self-signed certificates are used, the PC/Web Browser must have a unique
certificate installed for each Media Gateway with which it will communicate. This process could
172
®
Dialogic
1000 and 2000 Media Gateway Series User's Guide — September 2007
®
PC running the HTTPS Web browser
Dialogic Corporation