AudioCodes Mediant 4000 SBC

To Next Page

To Previous Page

CHAPTER60 Configuration Parameters Reference

Mediant 4000 SBC | User's Manual

Parameter Description

■ If the SubjectAltName is not marked as

"critical", the device checks if the FQDN in the

certificate's Common Name (CN) of the

SubjectName is the same as that configured for

the TLSRemoteSubjectName parameter or for

the Proxy Set. If they are the same, the device

establishes a TLS connection; otherwise, the

device rejects the call.

Note:

■ If you configure the parameter to Server &

Client, you also need to configure the

SIPSRequireClientCertificate parameter to

Enable.

■ For FQDN, the certificate may use wildcards (*)

to replace parts of the domain name.

'TLS Client Verify Server Certificate'

configure network >

security-settings > tls-

vrfy-srvr-cert

[VerifyServerCertificate]

Determines whether the device, when acting as a

client for TLS connections, verifies the Server

certificate. The certificate is verified with the Root

CA information.

■ [0] Disable (default)

■ [1] Enable

Note: If Subject Name verification is necessary, the

parameter PeerHostNameVerificationMode must be

used as well.

'TLS Remote Subject Name'

configure network >

security-settings > tls-rmt-

subs-name

[TLSRemoteSubjectName]

Defines the Subject Name that is compared with the

name defined in the remote side certificate when

establishing TLS connections.

If the SubjectAltName of the received certificate is

not equal to any of the defined Proxies Host

names/IP addresses and is not marked as 'critical',

the Common Name (CN) of the Subject field is

compared with this value. If not equal, the TLS

connection is not established. If the CN uses a

domain name, the certificate can also use wildcards

(‘*’) to replace parts of the domain name.

The valid range is a string of up to 49 characters.

Note: The parameter is applicable only if the

parameter PeerHostNameVerificationMode is set to

1 or 2.

'TLS Expiry Check Start'

expiry-check-start

[TLSExpiryCheckStart]

Defines when the device sends an SNMP alarm

(acCertificateExpiryAlarm) to notify that the installed

TLS server certificate is about to expire. This is

defined by the number of days before the

certificate's expiration date. For example, if

configured to 5, the alarm is sent 5 days before the

expiration date. For more information on the alarm,

refer to the SNMP Reference Guide.

The valid value is 0 to 3650. The default is 60.

- 911 -

Main Page

AudioCodes Mediant 4000 SBC - Page 944

Table of Contents

Other manuals for AudioCodes Mediant 4000 SBC

Related product manuals