CHAPTER14 Security
Mediant 4000 SBC | User's Manual
Parameter Description
[TLSContexts_
OcspServerSecondary]
'OCSP Port'
ocsp-port
[TLSContexts_
OcspServerPort]
Defines the OCSP server's TCP port number.
The default port is 2560.
'OCSP Default Response'
ocsp-default-response
[TLSContexts_
OcspDefaultResponse]
Determines whether the device allows or rejects peer
certificates if it cannot connect to the OCSP server.
■ [0] Reject (default)
■ [1] Allow
Assigning CSR-based Certificates to TLS Contexts
You can request a digitally signed certificate from a Certification Authority (CA) for a TLS Context.
This process is referred to as a certificate signing request (CSR) and is required if your organization
employs a Public Key Infrastructure (PKI) system. The CSR contains information identifying the
device such as a Distinguished Name (DN) and/or subject alternative names in the case of an
X.509 certificate.
➢ To assign a CSR-based certificate to a TLS Context:
1. Open the TLS Contexts table (see Configuring TLS Certificate Contexts).
2. In the table, select the required TLS Context, and then click the Change Certificate link
located below the table; the Change Certificates page appears.
3. Under the Certificate Signing Request group, fill in the following information:
a. Distinguished Name (DN) fields (uniquely identifies the device):
◆ In the 'Common Name [CN]' field, enter the common name.
◆ (Optional) In the 'Organizational Unit [OU]' field, enter the section of the organization.
◆ (Optional) In the ' Company name [O]' field, enter the legal name of your organization.
◆ (Optional) In the 'Locality or city name [L]' field, enter the city where your organization
is located.
◆ (Optional) In the ' State [ST]' field, enter the state or province where your organization
is located.
◆ (Optional) In the ' Country code [C]' field, enter the two-letter ISO abbreviation for your
country.
b. If you want to generate a CSR for SAN (with multiple subject alternate names), then from
the 'Subject Alternative Name [SAN]' drop-down list, select the type of SAN (e-mail
address, DNS hostname, URI, or IP address), and then enter the relevant value. You can
configure multiple SAN names, using the 1st to 5th 'Subject Alternative Name [SAN]'
fields.
c. From the 'Signature Algorithm' drop-down list, select the hash function algorithm (SHA-1,
SHA-256, or SHA-512) with which to sign the certificate.
● Fill in the fields according to you security provider's instructions.
● If you leave the 'Common Name [CN]' field empty, the device generates the CSR
with the default Common Name (CN=ACL_<6-digit serial number of device>).
- 128 -
To Next Page
Loading...
