SIP Over TLS (SIPS); Embedded Web Server Configuration; Using the Secured Embedded Web Server - AudioCodes Mediant 1000 User Manual

14.2.1 SIP Over TLS (SIPS)

The Mediant 1000 uses TLS over TCP to encrypt SIP transport and (optionally) to
authenticate it. To enable TLS on the Mediant 1000, set the selected transport type to TLS
(SIPTransportType = 2). In this mode the gateway initiates a TLS connection only for the
next network hop. To enable TLS all the way to the destination (over multiple hops) set
EnableSIPS to 1. When a TLS connection with the gateway is initiated, the gateway also
responds using TLS regardless of the configured SIP transport type (in this case, the
parameter EnableSIPS is also ignored).
TLS and SIPS use the Certificate Exchange process described in Sections 14.2.4 and
14.2.5. To change the port number used for SIPS transport (by default 5061), use the
parameter TLSLocalSIPPort.
When SIPS is used, it is sometimes required to use two-way authentication. When acting
as the TLS server (in a specific connection) it is possible to demand the authentication of
the client's certificate. To enable two-way authentication on the Mediant 1000, set the ini
file parameter, SIPSRequireClientCertificate = 1. For information on installing a client
certificate, refer to Section 14.2.5 on page 355.

14.2.2 Embedded Web Server Configuration

For additional security, you can configure the Embedded Web Server to accept only
secured (HTTPS) connections by changing the parameter HTTPSOnly to 1 (described in
Table 5-36 on page 176).
You can also change the port number used for the secured Web server (by default 443), by
changing the ini file parameter, HTTPSPort (described in Section 6.5.4 on page 227).
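
The following check is an added example, not part of the AudioCodes manual: it reads the text of an ini file and flags the TLS-related parameters from Sections 14.2.1 and 14.2.2 that are not set as described above. The ini syntax it accepts ('Name = value' lines, ';' comments, '[section]' headers), the function names, and the treatment of an absent parameter as not enabled are assumptions.

```python
# Hardened values for the ini parameters named in Sections 14.2.1 and 14.2.2.
REQUIRED = {
    "SIPTransportType": ("2", "SIP transport is not TLS"),
    "EnableSIPS": ("1", "TLS is not requested beyond the next hop"),
    "SIPSRequireClientCertificate": ("1", "TLS clients are not asked for a certificate"),
    "HTTPSOnly": ("1", "Embedded Web Server also accepts unsecured connections"),
}
PORTS = {"TLSLocalSIPPort": 5061, "HTTPSPort": 443}  # defaults stated in the text


def parse_ini(text):
    """Return {name: value}; assumes 'Name = value' lines and ';' comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop trailing comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, [section] header, or not an assignment
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip().strip("'\"")
    return params


def audit(text):
    """Return (findings, effective_ports) for one ini file's text."""
    params = parse_ini(text)
    findings = []
    for name, (want, risk) in REQUIRED.items():
        got = params.get(name)  # assumption: absent means not enabled
        if got != want:
            findings.append(f"{name} = {got or 'not set'} (want {want}): {risk}")
    ports = {}
    for name, default in PORTS.items():
        value = params.get(name, str(default))
        if value.isdigit() and 0 < int(value) < 65536:
            ports[name] = int(value)
        else:
            findings.append(f"{name} = {value}: not a valid TCP port")
    return findings, ports


# Constructed sample ini text, not taken from a real device.
SAMPLE_INI = """[SIP Params]
SIPTransportType = 2      ; TLS
EnableSIPS = 0
TLSLocalSIPPort = 5071
HTTPSOnly = 1
"""
if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```

The returned port map shows which ports to allow through a firewall for SIPS and HTTPS once the findings list is empty.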

14.2.2.1 Using the Secured Embedded Web Server

To use the secured Embedded Web Server, take these 3 steps:
1. Access the Mediant 1000 using the following URL:
   https://[host name] or [IP address]
   Depending on the browser's configuration, a security warning dialog may be
   displayed. The reason for the warning is that the Mediant 1000 initial certificate is not
   trusted by your PC. The browser may allow you to install the certificate, thus skipping
   the warning dialog the next time you connect to the Mediant 1000.
2. If you are using Internet Explorer, click View Certificate and then Install Certificate.
3. The browser also warns you if the host name used in the URL is not identical to the
   one listed in the certificate. To solve this, add the IP address and host name
   (ACL_nnnnnn where nnnnnn is the serial number of the Mediant 1000) to your hosts
   file, located at /etc/hosts on UNIX or C:\Windows\System32\Drivers\ETC\hosts on
   Windows; then use the host name in the URL (e.g., https://ACL_280152). The figure
   below is an example of a host file:

Figure 14-8: Example of a Host File
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# Location: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
#
127.0.0.1     localhost
10.31.4.47    ACL_280152

SIP User's Manual    352    Document #: LTRT-83301
