User's manual

SIP User's Manual 120 Document #: LTRT-83303
Mediant 1000 & Mediant 600
7. In the 'Certificates Files' group, click the Browse button corresponding to 'Send Server
Certificate...', navigate to the cert.txt file, and then click Send File.
8. When the loading of the certificate is completed, save the configuration (refer to
''Saving Configuration'' on page 265) and restart the device; the Web interface uses
the provided certificate.
Notes:
• The certificate replacement process can be repeated when necessary
(e.g., the new certificate expires).
• It is possible to use the IP address of the device (e.g., 10.3.3.1) instead
of a qualified DNS name in the Subject Name. This is not recommended
since the IP address is subject to changes and may not uniquely identify
the device.
• The server certificate can also be loaded via ini file using the parameter
HTTPSCertFileName.
3.4.4.4.2 Client Certificates
By default, Web servers using SSL provide one-way authentication. The client is certain
that the information provided by the Web server is authentic. When an organizational PKI is
used, two-way authentication may be desired: both client and server should be
authenticated using X.509 certificates. This is achieved by installing a client certificate on
the managing PC, and loading the same certificate (in base64-encoded X.509 format) to
the device's Trusted Root Certificate Store. The Trusted Root Certificate file should contain
both the certificate of the authorized user and the certificate of the CA.
Since X.509 certificates have an expiration date and time, the device must be configured to
use NTP (refer to ''Simple Network Time Protocol Support'' on page 449) to obtain the
current date and time. Without the correct date and time, client certificates cannot work.
To enable two-way client certificates, take these 5 steps:
1. Set the parameter 'Secured Web Connection (HTTPS)' to 'Disable' (HTTPSOnly to 0)
in ''Configuring the General Security Settings'' on page 123 to ensure you have a
method of accessing the device in case the client certificate doesn’t work. Restore the
previous setting after testing the configuration.
2. Open the 'Certificates Signing Request' page (refer to ''Server Certificate
Replacement'' on page 118).
3. In the 'Certificates Files' group, click the Browse button corresponding to 'Send
"Trusted Root Certificate Store" file ...', navigate to the file, and then click Send File.
4. When the operation is complete, set the ini file parameter
HTTPSRequireClientCertificates to 1.
5. Save the configuration (refer to ''Saving Configuration'' on page 265), and then restart
the device.
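The following is an added example, not part of the original manual or the device's software: a Python helper for the managing PC that assembles the "Trusted Root Certificate Store" file sent in step 3 from the user certificate and the CA certificate, refusing anything that is not a base64-encoded X.509 certificate block (for example, a private key or a binary export). The function names are hypothetical, and the check covers only the base64 framing and outer DER structure, not signatures or validity dates.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_is_single_sequence(der: bytes) -> bool:
    """True if der is exactly one DER SEQUENCE (outer shape of an X.509 cert)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def build_trusted_root_store(*pem_texts: str) -> str:
    """Merge PEM inputs into one base64 X.509 bundle; refuse anything else."""
    certs = []
    for text in pem_texts:
        blocks = PEM_BLOCK.findall(text)
        if not blocks:
            raise ValueError("no PEM block found (binary DER or PKCS#12 input?)")
        for label, body in blocks:
            if label != "CERTIFICATE":
                # e.g. 'PRIVATE KEY': key material must not be sent to the device
                raise ValueError(f"unexpected PEM block: {label}")
            der = base64.b64decode("".join(body.split()), validate=True)
            if not der_is_single_sequence(der):
                raise ValueError("block is not a single DER SEQUENCE")
            if der not in certs:          # drop exact duplicates
                certs.append(der)
    if len(certs) < 2:
        raise ValueError("need the user certificate and the CA certificate")
    out = []
    for der in certs:
        b64 = base64.b64encode(der).decode("ascii")
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        out.append("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
                   + "\n-----END CERTIFICATE-----\n")
    return "".join(out)
```

Pass the contents of the user certificate file and the CA certificate file as arguments and write the returned string to the file that is sent to the device.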