Parameter Description
Web: TLS Mutual Authentication
EMS: SIPS Require Client
Certificate
[SIPSRequireClientCertificate]
Determines the device's behavior when acting as a server for
TLS connections.
 [0] Disable = (Default) The device does not request the
client certificate.
 [1] Enable = The device requires receipt and verification of
the client certificate to establish the TLS connection.
Notes:
 For this parameter to take effect, a device reset is required.
 The SIPS certificate files can be changed using the
parameters HTTPSCertFileName and
HTTPSRootFileName.
Web/EMS: Peer Host Name
Verification Mode
[PeerHostNameVerificationMode]
Determines whether the device verifies the Subject Name of a
remote certificate when establishing TLS connections.
 [0] Disable (default).
 [1] Server Only = Verify Subject Name only when acting as
a client for the TLS connection.
 [2] Server & Client = Verify Subject Name when acting as a
server or client for the TLS connection.
When a remote certificate is received and this parameter is not
disabled, the value of SubjectAltName is compared with the list
of available Proxies. If a match is found for any of the
configured Proxies, the TLS connection is established.
The comparison is performed if the SubjectAltName is either a
DNS name (DNSName) or an IP address. If no match is found
and the SubjectAltName is marked as ‘critical’, the TLS
connection is not established. If DNSName is used, the
certificate can also use wildcards (‘*’) to replace parts of the
domain name.
If the SubjectAltName is not marked as ‘critical’ and there is no
match, the CN value of the SubjectName field is compared with
the parameter TLSRemoteSubjectName. If a match is found,
the connection is established. Otherwise, the connection is
terminated.
Note: If you set this parameter to [2] (Server & Client), for this
functionality to operate, you also need to set the
SIPSRequireClientCertificate parameter to [1] (Enable).
Web: TLS Client Verify Server
Certificate
EMS: Verify Server Certificate
[VerifyServerCertificate]
Determines whether the device, when acting as a client for TLS
connections, verifies the Server certificate. The certificate is
verified with the Root CA information.
 [0] Disable (default)
 [1] Enable
Note: If Subject Name verification is necessary, the parameter
PeerHostNameVerificationMode must be used as well.
Web/EMS: TLS Remote Subject
Name
[TLSRemoteSubjectName]
Defines the Subject Name that is compared with the name
defined in the remote side certificate when establishing TLS
connections.
If the SubjectAltName of the received certificate is not equal to
any of the defined Proxies Host names/IP addresses and is not
To Next Page
Loading...
Need help?
General
