Version 7.2 117 Mediant 800B Gateway & E-SBC
User's Manual 10. Configuring SSL/TLS Certificates
Parameter Description
OCSP Default Response
ocsp-default-response
[TLSContexts_OcspDefaultResponse]
Determines whether the device allows or rejects peer
certificates if it cannot connect to the OCSP server.
[0] Reject (default)
[1] Allow
10.2 Assigning CSR-based Certificates to TLS Contexts
The following procedure describes how to request a digitally signed certificate from a
Certification Authority (CA) for a TLS Context. This process is referred to as a certificate
signing request (CSR) and is required if your organization employs a Public Key
Infrastructure (PKI) system. The CSR contains information identifying the device such as a
distinguished name in the case of an X.509 certificate.
To assign a CSR-based certificate to a TLS Context:
1. Your network administrator should allocate a unique DNS name for the device (e.g.,
dns_name.corp.customer.com). The DNS name is used to access the device and
therefore, must be listed in the server certificate.
2. Open the TLS Contexts table (see 'Configuring TLS Certificate Contexts' on page
113).
3. In the table, select the required TLS Context, and then click the Change Certificate
link located below the table; the Change Certificates page appears.
4. Under the Certificate Signing Request group, do the following:
a. In the 'Subject Name [CN]' field, enter the DNS name.
Note: For the Subject Name, you can use the IP address of the device instead of a
qualified DNS name. However, it is not recommended since the IP address is subject
to change and may not uniquely identify the device.
a. From the 'Signature Algorithm' drop-down list, select the hash function algorithm
(SHA-1, SHA-256, or SHA-512) with which to sign the certificate.
b. Fill in the rest of the request fields according to your security provider's
instructions.
To Next Page
Loading...
