Version 7.2 325 Mediant MSBR
Reference Guide 52. security-settings
52 security-settings
This command configures various TLS certificate security settings.
Syntax
(config-network)# security-settings
(network-security)#
Command Description
PEERHOSTNAMEVERIFICATI
ONMODE {0|1|2}
Enables the device to verify the Subject Name of a TLS
certificate received from SIP entities for authentication and
establishing TLS connections:
0 = Disable (default)
1 = Verify Subject Name only when acting as a client
for the TLS connection.
2 = Verify Subject Name when acting as a server or
client for the TLS connection.
SIPSREQUIRECLIENTCERTI
FICATE {off|on}
Configures the device's mode of operation regarding
mutual authentication and certificate verification for TLS
connections.
off = Disable
Device acts as a client: Verification of the server’s
certificate depends on the VerifyServerCertificate
parameter.
Device acts as a server: The device does not
request the client certificate.
on = Enable
Device acts as a client: Verification of the server
certificate is required to establish the TLS
connection.
Device acts as a server: The device requires the
receipt and verification of the client certificate to
establish the TLS connection.
Note: For the parameter to take effect, a device reset is
required.
fips140mode {off|on}
Enables FIPS 140-2 conformance mode for TLS.
Note: Applicable only to specific products.
tls-re-hndshk-int
Configures the time interval (in minutes) between TLS Re-
Handshakes initiated by the device.
tls-rmt-subs-name
Configures the Subject Name that is compared with the
name defined in the remote side certificate when
establishing TLS connections.
tls-vrfy-srvr-cert
{off|on}
Enables the device, when acting as a client for TLS
connections, to verify the Server certificate. The certificate
is verified with the Root CA information.
Command Mode
Privileged User
To Next Page
Loading...
