Parameter Description
Web: TLS Client Re-Handshake
Interval
EMS: TLS Re Handshake Interval
[TLSReHandshakeInterval]
Defines the time interval (in minutes) between TLS Re-
Handshakes initiated by the device.
The interval range is 0 to 1,500 minutes. The default is 0 (i.e.,
no TLS Re-Handshake).
Web: TLS Mutual Authentication
EMS: SIPS Require Client
Certificate
[SIPSRequireClientCertificate]
Determines the device's behavior when acting as a server for
TLS connections.
 [0] Disable = (Default) The device does not request the
client certificate.
 [1] Enable = The device requires receipt and verification of
the client certificate to establish the TLS connection.
Notes:
 For this parameter to take effect, a device reset is required.
 The SIPS certificate files can be changed using the
parameters HTTPSCertFileName and
HTTPSRootFileName.
Web/EMS: Peer Host Name
Verification Mode
[PeerHostNameVerificationMode]
Determines whether the device verifies the Subject Name of a
remote certificate when establishing TLS connections.
 [0] Disable (default).
 [1] Server Only = Verify Subject Name only when acting as
a client for the TLS connection.
 [2] Server & Client = Verify Subject Name when acting as a
server or client for the TLS connection.
When a remote certificate is received and this parameter is not
disabled, the value of SubjectAltName is compared with the list
of available Proxies. If a match is found for any of the
configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a
DNS name (DNSName) or an IP address. If no match is found
and the SubjectAltName is marked as ‘critical’, the TLS
connection is not established. If DNSName is used, the
certificate can also use wildcards (‘*’) to replace parts of the
domain name.
If the SubjectAltName is not marked as ‘critical’ and there is no
match, the CN value of the SubjectName field is compared with
the parameter TLSRemoteSubjectName. If a match is found,
the connection is established. Otherwise, the connection is
terminated.
Note: If you set this parameter to [2] (Server & Client), for this
functionality to operate, you also need to set the
SIPSRequireClientCertificate parameter to [1] (Enable).
Web: TLS Client Verify Server
Certificate
EMS: Verify Server Certificate
[VerifyServerCertificate]
Determines whether the device, when acting as a client for TLS
connections, verifies the Server certificate. The certificate is
verified with the Root CA information.
 [0] Disable (default)
 [1] Enable
Note: If Subject Name verification is necessary, the parameter
PeerHostNameVerificationMode must be used as well.
Web: Strict Certificate Extension
Validation
[RequireStrictCert]
Enables the validation of the extensions (keyUsage and
extentedKeyUsage) of peer certificates. This validation ensures
that the signing CA is
To Next Page
Loading...
Need help?
General
