AudioCodes Mediant 1000B User Manual page 752

Analog & Digital VoIP Media Gateway, Enterprise Session Border Controller, Gateway & E-SBC

User's Manual, Mediant 1000B Gateway & SBC
Document #: LTRT-27034

Parameter: Certificate [SIPSRequireClientCertificate]
Description:
  [0] Disable = (Default)
    - Device acts as a client: Verification of the server's certificate depends on the VerifyServerCertificate parameter.
    - Device acts as a server: The device does not request the client certificate.
  [1] Enable =
    - Device acts as a client: Verification of the server certificate is required to establish the TLS connection.
    - Device acts as a server: The device requires the receipt and verification of the client certificate to establish the TLS connection.
  Notes:
    - For this parameter to take effect, a device reset is required.
    - This feature can be configured per SIP Interface (see Configuring SIP Interfaces on page 258).
    - The SIPS certificate files can be changed using the parameters HTTPSCertFileName and HTTPSRootFileName.

Parameter: Web/EMS: Peer Host Name Verification Mode [PeerHostNameVerificationMode]
Description:
  Determines whether the device verifies the Subject Name of a remote certificate when establishing TLS connections.
  [0] Disable (default).
  [1] Server Only = Verify Subject Name only when acting as a client for the TLS connection.
  [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
  When the device receives a remote certificate and this parameter is not disabled, the IP address from which the certificate is received is compared with the addresses defined for the Proxy Sets. If no Proxy Set with the source address is found, the connection is refused. Otherwise, the value of the SubjectAltName field in the certificate is compared with the addresses/DNS names of the classified Proxy Set. If a match is found for any of the configured Proxies, the TLS connection is established.
  The comparison is performed if the SubjectAltName is either a DNS name (DNSName) or an IP address. If no match is found and the SubjectAltName is marked as 'critical', the TLS connection is not established. If DNSName is used, the certificate can also use wildcards ('*') to replace parts of the domain name.
  If the SubjectAltName is not marked as 'critical' and there is no match, the CN value of the SubjectName field is compared with the parameter TLSRemoteSubjectName. If a match is found, the connection is established. Otherwise, the connection is terminated.
  Note: If you set this parameter to [2] (Server & Client), for this functionality to operate, you also need to set the SIPSRequireClientCertificate parameter to [1] (Enable).

Parameter: Web: TLS Client Verify Server Certificate; EMS: Verify Server Certificate; CLI: tls-vrfy-srvr-cert
Description:
  Determines whether the device, when acting as a client for TLS connections, verifies the Server certificate. The certificate is verified with the Root CA information.
  [0] Disable (default)
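
The Peer Host Name Verification flow described above, modelled as an added example; it is not AudioCodes code or the device's implementation. The ProxySet and PeerCert classes, the resolved-IP field, the reason strings and the reading of '*' as part of a single DNS label are assumptions, and all names and addresses are constructed.

```python
import re
from dataclasses import dataclass

@dataclass
class ProxySet:              # hypothetical model of one Proxy Set
    addresses: list          # configured proxy IP addresses / DNS names
    ips: list                # IPs those entries resolve to (assumption)

@dataclass
class PeerCert:              # only the certificate fields the manual mentions
    san: list                # SubjectAltName values (DNSName or IP address)
    san_critical: bool = False
    cn: str = ""

def san_matches(san, address):
    # Assumption: '*' in a DNSName replaces part of a single label only.
    pattern = re.escape(san.lower()).replace(r"\*", "[^.]*")
    return re.fullmatch(pattern, address.lower()) is not None

def verify_peer(mode, role, source_ip, cert, proxy_sets, remote_subject_name=""):
    """Return (accepted, reason). mode is PeerHostNameVerificationMode."""
    # [0] never checks; [1] checks only when the device is the TLS client.
    if mode == 0 or (mode == 1 and role != "client"):
        return True, "subject name not checked"
    classified = [p for p in proxy_sets if source_ip in p.ips]
    if not classified:
        return False, "no Proxy Set for source address"
    targets = [a for p in classified for a in p.addresses]
    if any(san_matches(s, a) for s in cert.san for a in targets):
        return True, "SubjectAltName match"
    if cert.san_critical:
        return False, "critical SubjectAltName mismatch"
    # Non-critical SAN, no match: fall back to CN vs TLSRemoteSubjectName.
    if remote_subject_name and cert.cn == remote_subject_name:
        return True, "CN matches TLSRemoteSubjectName"
    return False, "no match"

# Constructed sample data (documentation address ranges and names).
PROXY_SETS = [ProxySet(["proxy1.example.com"], ["192.0.2.10"])]

if __name__ == "__main__":
    for cert in (PeerCert(["*.example.com"]),
                 PeerCert(["pbx.example.net"], san_critical=True),
                 PeerCert(["pbx.example.net"], cn="proxy1")):
        print(verify_peer(2, "server", "192.0.2.10", cert, PROXY_SETS, "proxy1"))
```

The model covers Subject Name checking only; certificate chain validation against the Root CA is governed by the other parameters on this page.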
