Secure Telnet; Server Certificate Replacement - AudioCodes Mediant 1000 User Manual

The browser also warns you if the host name used in the URL is not identical to the
3.
one listed in the certificate. To overcome this, add the IP address and host name
(ACL_nnnnnn where nnnnnn is the serial number of the Mediant 1000) to your hosts
file, located at /etc/hosts on UNIX or C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
on Windows; then use the host name in the URL, e.g., https://ACL_280152 .Below is
an example of a host file:
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# Location: C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
#
127.0.0.1 localhost
10.31.4.47 ACL_280152

16.1.3 Secure Telnet

The Mediant 1000 has an embedded Telnet server allowing easy command-line access to
the device configuration and management interface. The Telnet server is disabled by
default. To enable it, set the parameter, TELNETServerEnable to 1 (standard mode) or 2
(SSL mode).
No information is transmitted in the clear when using SSL mode.
If the Telnet server is set to SSL mode, a special Telnet client is required on your PC to
connect to the Telnet interface over a secure connection; examples include C-Kermit for
UNIX, Kermit-95 for Windows, and AudioCodes' acSSLTelnet utility for Windows (which
requires prior installation of the free OpenSSL toolkit).

16.1.4 Server Certificate Replacement

The Mediant 1000 is shipped with a working SSL configuration consisting of a unique self-
signed server certificate. When a Mediant 1000 is upgraded to firmware version 4.6, a
unique self-signed server certificate is created. If an organizational PKI (public key
infrastructure) is in place, you may wish to replace this certificate with one provided by your
security administrator.
To replace this certificate, take these 9 steps:
Your network administrator should allocate a unique DNS name for the Mediant 1000
1.
(e.g., dns_name.corp.customer.com). This name is used to access the device, and
should therefore be listed in the server certificate.
Navigate your browser to the following URL (case-sensitive):
2.
https://dns_name.corp.customer.com/SSLCertificateSR
Note that you should use the DNS name provided by your network administrator. The
Certificate Signing Request Web page is displayed.
Enter the DNS name as the certificate subject (in the input box), and click Generate
3.
CSR. The Web page displays a textual certificate signing request, which contains the
SSL device identifier
Copy this text and send it to your security provider.
4.
The security provider (also known as Certification Authority or CA) signs this request and
send you a server certificate for the device.
User's Manual 280
Digital Mediant 1000
Document # LTRT-66401