To Next Page

To Previous Page

CHAPTER14 Security

Mediant 800 Gateway & E-SBC | User's Manual

4. From the 'Private Key Size' drop-down list, select the desired private key size (in bits) for RSA

public-key encryption for newly self-signed generated keys:

● 512

● 768

● 1024 (default)

● 2048

● 4096

5. (Optional) In the 'Private key pass-phrase' field, enter a password (passphrase) to encrypt the

private key file. If you don't want to encrypt the file, make the field blank. The default

passphrase is "audc". The passphrase can be up to 32 characters.

6. Click Generate Private-Key; a message appears requesting you to confirm key generation.

7. Click OK to confirm key generation; the device generates a new private key, indicated by a

message in the Certificate Signing Request group:

8. Continue with the certificate configuration by either creating a CSR or generating a new self-

signed certificate.

9. Save the configuration with a device reset for the new certificate to take effect.

Creating Self-Signed Certificates for TLS Contexts

You can assign a certificate that is digitally signed by the device itself to a TLS Context (i.e., self-

signed certificate). In other words, the device acts as a CA. The Issuer (e.g., "Issuer: CN=ACL_

5967925") and Subject (e.g., " Subject: CN=ACL_5967925") fields of the self-signed certificate

have the same value.

● The device is shipped with a default TLS Context (Index 0 and named "default"),

which includes a self-generated random private key and a self-signed server

certificate. The Common Name (CN or subject name) of the default certificate is

"ACL_nnnnnnn", where nnnnnnn denotes the serial number of the device. If this

default self-signed certificate is about to expire (less than a day), the device

automatically re-generates a new self-signed certificate.

You can configure each TLS Context with the following:

➢ To assign a self-signed certificate to a TLS Context:

1. Before you begin, make sure of the following:

● You have a unique DNS name for the device (e.g., dns_name.corp.customer.com). The

name is used to access the device and therefore, must be listed in the server certificate.

● No traffic is running on the device. The certificate generation process is disruptive to traffic

and should be done during maintenance time.

2. Open the TLS Contexts table (see Configuring TLS Certificate Contexts).

3. In the table, select the required TLS Context index row, and then click the Change Certificate

link located below the table; the Change Certificates page appears.

- 135 -

AudioCodes Mediant 800 User Manual

Other manuals for AudioCodes Mediant 800