CHAPTER68 Configuration Parameters Reference
Mediant 1000 Gateway & E-SBC | User's Manual
Parameter Description
■ [2] Server & Client = Verify Subject Name when acting as a server or client for the TLS connection.
If the device receives a certificate from a SIP entity (IP Group) and the parameter is configured to Server Only or Server & Client, it attempts to authenticate the certificate based on the certificate's address. The device searches for a Proxy Set that contains the same address (IP address or FQDN) as that specified in the certificate's SubjectAltName (Subject Alternative Names). For Proxy Sets with an FQDN, the device checks the FQDN itself and not the DNS-resolved IP addresses. If a Proxy Set is found with a matching address, the device establishes a TLS connection.
If a matching Proxy Set is not found, one of the following occurs:
■ If the certificate's SubjectAltName is marked as "critical", the device rejects the call.
■ If the SubjectAltName is not marked as "critical", the device checks if the FQDN in the certificate's Common Name (CN) of the SubjectName is the same as that configured for the TLSRemoteSubjectName parameter or for the Proxy Set. If they are the same, the device establishes a TLS connection; otherwise, the device rejects the call.
Note:
■ If you configure the parameter to Server & Client, you also need to configure the SIPSRequireClientCertificate parameter to Enable.
■ For FQDN, the certificate may use wildcards (*) to replace parts of the domain name.
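The decision order described above, modelled in Python as an added example; it is not AudioCodes code or device firmware. The class and function names are hypothetical, the sample names and addresses are constructed, and treating "*" as exactly one DNS label is an assumption, since the manual only says that wildcards may replace parts of the domain name.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PeerCert:  # hypothetical model of the certificate fields the check reads
    san: list = field(default_factory=list)  # SubjectAltName entries (IP or FQDN)
    san_critical: bool = False               # SubjectAltName marked "critical"
    cn: str = ""                             # Common Name of the SubjectName

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(cert_name, configured):
    """Compare a certificate name with a configured address, without DNS lookups."""
    a, b = cert_name.lower(), configured.lower()
    if _is_ip(a) or _is_ip(b):
        return a == b  # IP addresses must match exactly
    la, lb = a.split("."), b.split(".")
    # Assumption: a "*" in the certificate name stands for exactly one DNS label.
    return len(la) == len(lb) and all(x == "*" or x == y for x, y in zip(la, lb))

def verify_subject_name(cert, proxy_set_addresses, tls_remote_subject_name=""):
    """Return (accepted, reason), following the order of checks in the text."""
    # 1. SubjectAltName against the addresses configured in the Proxy Sets.
    for entry in cert.san:
        if any(name_matches(entry, addr) for addr in proxy_set_addresses):
            return True, "SubjectAltName matches a Proxy Set address"
    # 2. No match and the extension is critical: reject, no CN fallback.
    if cert.san_critical:
        return False, "no Proxy Set match and SubjectAltName is critical"
    # 3. Otherwise compare the CN with TLSRemoteSubjectName or the Proxy Set.
    candidates = list(proxy_set_addresses)
    if tls_remote_subject_name:
        candidates.append(tls_remote_subject_name)
    if cert.cn and any(name_matches(cert.cn, c) for c in candidates):
        return True, "CN matches TLSRemoteSubjectName or a Proxy Set address"
    return False, "neither SubjectAltName nor CN matches"

if __name__ == "__main__":
    proxy_sets = ["sip.example.com", "192.0.2.10"]  # constructed sample addresses
    samples = [PeerCert(san=["*.example.com"]),
               PeerCert(san=["other.example.net"], san_critical=True, cn="sip.example.com"),
               PeerCert(san=["other.example.net"], cn="peer.example.org")]
    for cert in samples:
        print(cert, verify_subject_name(cert, proxy_sets, "peer.example.org"))
```

The second sample is the case worth noting when issuing certificates for peers: a critical SubjectAltName that matches no Proxy Set is rejected even though its CN would have matched.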
'TLS Client Verify Server Certificate'
configure network > security-settings > tls-vrfy-srvr-cert
[VerifyServerCertificate]
Determines whether the device, when acting as a client for TLS connections, verifies the Server certificate. The certificate is verified with the Root CA information.
■ [0] Disable (default)
■ [1] Enable
Note: If Subject Name verification is necessary, the parameter PeerHostNameVerificationMode must be used as well.