User's Manual 534 Document #: LTRT-68822
Mediant 2000
Parameter Description
TLSRemoteSubjectName. If a match is found, the connection is
established. Otherwise, the connection is terminated.
Note: If you set this parameter to [2] (Server & Client), for this
functionality to operate, you also need to set the
SIPSRequireClientCertificate parameter to [1] (Enable).
Web: TLS Client Verify
Server Certificate
EMS: Verify Server
Certificate
[VerifyServerCertificate
]
Determines whether the device, when acting as a client for TLS
connections, verifies the Server certificate. The certificate is verified with
the Root CA information.
 [0] Disable (default)
 [1] Enable
Note: If Subject Name verification is necessary, the parameter
PeerHostNameVerificationMode must be used as well.
Web: Strict Certificate
Extension Validation
[RequireStrictCert]
Enables the validation of the extensions (keyUsage and
extentedKeyUsage) of peer certificates. This validation ensures that the
signing CA is authorized to sign certificates and that the end-entity
certificate is authorized to negotiate a secure TLS connection.
 [0] Disable (default)
 [1] Enable
Web/EMS: TLS Remote
Subject Name
[TLSRemoteSubjectNa
me]
Defines the Subject Name that is compared with the name defined in the
remote side certificate when establishing TLS connections.
If the SubjectAltName of the received certificate is not equal to any of the
defined Proxies Host names/IP addresses and is not marked as 'critical',
the Common Name (CN) of the Subject field is compared with this value.
If not equal, the TLS connection is not established. If the CN uses a
domain name, the certificate can also use wildcards (‘*’) to replace parts
of the domain name.
The valid range is a string of up to 49 characters.
Note: This parameter is applicable only if the parameter
PeerHostNameVerificationMode is set to 1 or 2.
Web: Client Cipher
String
[TLSClientCipherString
]
Defines the cipher-suite string for TLS clients.
The valid value is up to 255 strings. The default is "ALL:!ADH".
For example: TLSClientCipherString = 'EXP'
This parameter complements the HTTPSCipherString parameter (which
affects TLS servers). For possible values and additional details, refer to:
http://www.openssl.org/docs/apps/ciphers.html
[TLSPkeySize]
Defines the key size (in bits) for RSA public-key encryption for newly
self-signed generated keys for SSH.
 [512]
 [768]
 [1024] (default)
 [2048]
To Next Page
Loading...
Need help?
General
