Version 6.6 327 October 2014
Installation & Operation Manual 33. Configuring Security Settings
33.10.2 Self-Signed Certificate
A Self-Signed Certificate is the simplest form of an X.509 Certificate that is issued by
the participant itself without the use of any Certificate Authority (CA). The Self-Signed
Certificate consists of the Public Key of the party that is signed by the Private Key of
the party itself. The Self-Signed Certificate is typically not appropriate for field
deployments, since it does not utilize CA trust relationships and its authenticity cannot
be reliably verified. The Self-Signed Certificate is typically used in lab environment or
for a low-scale deployment where solution security may be sacrificed in favor of
simplified configuration procedures.
Note: Use of the Self-Signed Certificates for field deployments is strongly
discouraged. You should instead establish PKI infrastructure and use certificates
signed by the genuine CAs. Refer to the sections described below for detailed
instructions.
When Self-Signed Certificates are used by both parties who participate in the secure
communication, the Self-Signed Certificate for each party should be used by the other
party as a Trusted Root Certificate.
Media Gateway is pre-installed with a self-signed certificate upon installation. This
certificate is primarily intended to enable internal communication between the SC
board and the Media Gateway boards. However, some users may wish to periodically
re-generate self-signed certificates to improve its security properties (by applying the
new Public Key that is part of the certificate data). The instructions below describe
how this operation can be performed.
To generate a new Self-Signed Certificate:
1. Click
to access the Media Gateway status screen.
2. In the Navigation pane, select Security and in Configuration pane, click Security
Settings;the Security Settings screen is displayed.
To Next Page
Loading...
