CHAPTER14 Security
Mediant 800 Gateway & E-SBC | User's Manual
4. Under the Certificate Signing Request group, in the 'Common Name [CN]' field, enter the
fully-qualified DNS name (FQDN) as the certificate subject. Alternatively (or in addition), if you
want to generate a self-signed SAN certificate (with multiple subject alternate names), then
from the 'Subject Alternative Name [SAN]' drop-down list, select the type of SAN (e-mail
address, DNS hostname, URI, or IP address), and then enter the relevant value. You can
configure multiple SANs, using the 1st to 5th 'Subject Alternative Name [SAN]' fields.
5. Scroll down the page to the Generate New Private Key and Self-signed Certificate group:
6. Click Generate Self-Signed Certificate; a message appears requesting you to confirm
generation.
7. Click OK to confirm generation; the device generates a new self-signed certificate displaying
the new subject name, indicated by a message in the Certificate Signing Request group:
8. Save the configuration with a device reset for the new certificate to take effect.
Importing Certificates into Trusted Root Certificate Store
The device provides its own Trusted Root Certificate store. This lets you manage certificate trust.
You can import up to 20 certificates to the store per TLS Context (but this may be less depending
on certificate file size).
The store can also be used for certificate chains. A certificate chain is a sequence of certificates
where each certificate in the chain is signed by the subsequent certificate. The last certificate in the
list of certificates is the Root CA certificate, which is self-signed. The purpose of a certificate chain
is to establish a chain of trust from a child certificate to the trusted root CA certificate. The CA
vouches for the identity of the child certificate by signing it. A client certificate is considered trusted
if one of the CA certificates up the certificate chain is found in the server certificate directory. For
the device to trust a whole chain of certificates per TLS Context, you need to import them into the
device's Trusted Certificates Store, as described below.
- 136 -
To Next Page
Loading...
Need help?
General
