User's Manual 114 Document #: LTRT-10632
Mediant 800B Gateway & E-SBC
peer certificate is received (TLS client mode, or TLS server mode with mutual
authentication).
Note:
• The device does not query OCSP for its own certificate.
• Some PKIs do not support OCSP, but generate Certificate Revocation Lists
(CRLs). For such scenarios, set up an OCSP server such as OCSPD.
Private key - externally created and then uploaded to device.
Different levels of security strength (key size) per TLS certificate.
X.509 certificates - self-signed certificates or signed as a result of a certificate signing
request (CSR).
Trusted root certificate authority (CA) store (for validating certificates).
To use a TLS Context for SIPS, assign it to a Proxy Set and/or SIP Interface associated
with the IP Group for which you want to employ TLS certificates. When the device
establishes a TLS connection (handshake) with a SIP user agent (UA), the TLS Context is
determined as follows:
Incoming calls:
1. Proxy Set: If the incoming call is successfully classified to an IP Group based on
Proxy Set (i.e., IP address of calling party) and the Proxy Set is configured for
TLS ('Transport Type' parameter is set to TLS), the TLS Context assigned to the
Proxy Set is used. To configure Proxy Sets, see 'Configuring Proxy Sets' on page
380.
2. SIP Interface: If the Proxy Set is either not configured for TLS (i.e., the 'Transport
Type' parameter is set to UDP) or not assigned a TLS Context, and/or
classification to a Proxy Set fails, the device uses the TLS Context assigned to
the SIP Interface used for the call. To configure SIP Interfaces, see 'Configuring
SIP Interfaces' on page 357.
3. Default TLS Context (ID 0): If the SIP Interface is not assigned a TLS Context or
no SIP Interface is used for the call, the device uses the default TLS Context.
Outgoing calls:
1. Proxy Set: If the outgoing call is sent to an IP Group associated with a Proxy Set
that is assigned a TLS Context and the Proxy Set is configured for TLS (i.e.,
'Transport Type' parameter is set to TLS), the TLS Context is used. If the
'Transport Type' parameter is set to UDP, the device uses UDP to communicate
with the proxy and no TLS Context is used.
2. SIP Interface: If the Proxy Set is not assigned a TLS Context, the device uses the
TLS Context assigned to the SIP Interface used for the call.
3. Default TLS Context (ID 0): If the SIP Interface is not assigned a TLS Context or
no SIP Interface is used for the call, the device uses the default TLS Context.
The following procedure describes how to configure a TLS Context through the Web
interface. You can also configure it through ini file (TLSContexts) or CLI (configure system
> tls <ID>).
To configure a TLS Context:
1. Open the TLS Contexts table (Setup menu > IP Network tab > Security folder > TLS
Contexts).
2. Click New to add a new TLS Context or Edit to modify the default TLS Context at
Index 0; the following dialog box appears (for adding a TLS Context):
To Next Page
Loading...
