AudioCodes Mediant 500L MSBR

To Next Page

To Previous Page

User's Manual 13. Configuring SSL/TLS Certificates

Version 6.8 127 Mediant 500L MSBR



Save certificates to a file on your PC: Select the required certificate, click Export, and

then in the Export Certificate dialog box, browse to the folder on your PC where you

want to save the file and click Export.

13.7 Configuring Mutual TLS Authentication

13.7.1 TLS for SIP Clients

When Secure SIP (SIPS) is implemented using TLS, it is sometimes required to use two-

way (mutual) authentication between the device and a SIP user agent (client). When the

device acts as the TLS server in a specific connection, the device demands the

authentication of the SIP client’s certificate. Both the device and the client use certificates

from a CA to authenticate each other, sending their X.509 certificates to one another during

the TLS handshake. Once the sender is verified, the receiver sends its' certificate to the

sender for verification. SIP signaling starts when authentication of both sides completes

successfully.

TLS mutual authentication can be configured for specific calls by enabling mutual

authentication on the SIP Interface used by the call. The TLS Context associated with the

SIP Interface or Proxy Set belonging to these calls are used.

Note: SIP mutual authentication can also be configured globally for all calls, using the

'TLS Mutual Authentication' parameter (SIPSRequireClientCertificate) in the General

Security Settings page (Configuration tab > VoIP menu > Security > General

Security Settings).

 To configure mutual TLS authentication for SIP messaging:

1. Enable two-way authentication on the specific SIP Interface:

a. In the SIP Interface Table page (see ''Configuring SIP Interfaces'' on page 283),

set the 'TLS Mutual Authentication' parameter to Enable for the specific SIP

Interface.

b. Click Submit, and then reset the device with a burn-to-flash for your settings to

take effect.

2. Configure a TLS Context with the following certificates:

• Import the certificate of the CA that signed the certificate of the SIP client, into the

Trusted Root Store so that the device can authenticate the client (see ''Importing

Certificates and Certificate Chain into Trusted Certificate Store'' on page 126).

• Make sure that the TLS certificate is signed by a CA that the SIP client trusts so

that the client can authenticate the device.

Other manuals for AudioCodes Mediant 500L MSBR