User`s manual
Table Of Contents
- Mediant 2000 & TP-1610 & TP-260/UNI SIP User’s Manual Version 5.0
- Table of Contents
- List of Figures
- List of Tables
- Notices
- 1. Overview
- 2. Physical Description
- 3. Installation
- 4. Getting Started
- 5. Web Management
- Computer Requirements
- Protection and Security Mechanisms
- Accessing the Embedded Web Server
- Getting Acquainted with the Web Interface
- Protocol Management
- Advanced Configuration
- Status & Diagnostic
- Software Update Menu
- Maintenance
- Logging Off the Embedded Web Server
- 6. Gateway's ini File Configuration
- Secured ini File
- Modifying an ini File
- The ini File Content
- The ini File Structure
- The ini File Example
- Networking Parameters
- System Parameters
- Web and Telnet Parameters
- Security Parameters
- RADIUS Parameters
- SNMP Parameters
- SIP Configuration Parameters
- Voice Mail Parameters
- ISDN and CAS Interworking-Related Parameters
- Number Manipulation and Routing Parameters
- E1/T1 Configuration Parameters
- Channel Parameters
- Configuration Files Parameters
- 7. Using BootP / DHCP
- 8. Telephony Capabilities
- Working with Supplementary Services
- Configuring the DTMF Transport Types
- Fax & Modem Transport Modes
- Event Notification using X-Detect Header
- ThroughPacket™
- Dynamic Jitter Buffer Operation
- Configuring the Gateway’s Alternative Routing (based on Conn
- Call Detail Report
- Supported RADIUS Attributes
- Trunk to Trunk Routing Example
- Proxy or Registrar Registration Example
- SIP Call Flow Example
- SIP Authentication Example
- 9. Networking Capabilities
- 10. Advanced PSTN Configuration
- 11. Advanced System Capabilities
- 12. Special Applications
- 13. Security
- 14. Diagnostics
- 15. SNMP-Based Management
- SNMP Standards and Objects
- Carrier Grade Alarm System
- Cold Start Trap
- Third-Party Performance Monitoring Measurements
- TrunkPack-VoP Series Supported MIBs
- Traps
- SNMP Interface Details
- SNMP Manager Backward Compatibility
- Dual Module Interface
- SNMP NAT Traversal
- SNMP Administrative State Control
- AudioCodes’ Element Management System
- 16. Configuration Files
- Appendix A. Selected Technical Specifications
- Appendix B. Supplied SIP Software Kit
- Appendix C. SIP Compliance Tables
- Appendix D. The BootP/TFTP Configuration Utility
- Appendix E. RTP/RTCP Payload Types and Port Allocation
- Appendix F. RTP Control Protocol Extended Reports (RTCP-XR)
- Appendix G. Accessory Programs and Tools
- Appendix H. Release Reason Mapping
- Appendix I. SNMP Traps
- Appendix J. Installation and Configuration of Apache HTTP Server
- Appendix K. Regulatory Information
SIP User's Manual 13. Security
Version 5.0 293 October 2006
8. Click Browse, navigate to the cert.txt file, and then click Send File.
9. When the operation is completed, save the configuration (Section 5.9.2 on page 124)
and restart the gateway; the Embedded Web Server uses the provided certificate.
Notes:
• The certificate replacement process can be repeated when necessary
(e.g., the new certificate expires).
• It is possible to use the IP address of the gateway (e.g., 10.3.3.1) instead
of a qualified DNS name in the Subject Name. This practice is not
recommended since the IP address is subject to changes and may not
uniquely identify the device.
• The server certificate can also be loaded via ini file using the parameter
‘HTTPSCertFileName’.
13.2.5 Client Certificates
By default, Web servers using SSL provide one-way authentication. The client is certain
that the information provided by the Web server is authentic. When an organizational PKI is
used, two-way authentication may be desired: both client and server should be
authenticated using X.509 certificates. This is achieved by installing a client certificate on
the managing PC, and loading the same certificate (in base64-encoded X.509 format) to
the gateway's Trusted Root Certificate Store. The Trusted Root Certificate file should
contain both the certificate of the authorized user and the certificate of the CA.
Since X.509 certificates have an expiration date and time, the gateway must be configured
to use NTP (Section
9.8 on page 236) to obtain the current date and time. Without a
correct date and time, client certificates cannot work.
¾ To install a client certificate, take these 6 steps:
1. Before continuing, set HTTPSOnly = 0 to ensure you have a method of accessing the
device in case the client certificate doesn’t work. Restore the previous setting after
testing the configuration.
2. Open the ‘Certificates’ screen (Advanced Configuration menu > Security Settings
submenu > Certificates option); the ‘Certificates’ screen is displayed (Figure 13-9).
3. To load the Trusted Root Certificate file locate the trusted root certificate loading
section.
4. Click Browse, navigate to the file, and then click Send File.
5. When the operation is completed, set the ini file parameter,
HTTPSRequireClientCertificates = 1.
6. Save the configuration (Section 5.9.2 on page 124) and restart the gateway.