User`s manual

ManualsBrandsAudioCodes ManualsComputer equipmentMP-1FXO

291

292

293

294

295

296

297

298

299

300

SIP User's Manual 12. Security

Version 5.0 291 December 2006

3. In the Subject Name field, enter the DNS name and click Generate CSR. A textual

certificate signing request, that contains the SSL device identifier, is displayed.

4. Copy this text and send it to your security provider; the security provider (also known

as Certification Authority or CA) signs this request and send you a server certificate for

the device.

5. Save the certificate in a file (e.g., cert.txt). Ensure the file is a plain-text file with the

‘BEGIN CERTIFICATE’ header. The figure below is an example of a Base64-Encoded

X.509 Certificate.

Figure 12-10: Example of a Base64-Encoded X.509 Certificate

-----BEGIN CERTIFICATE-----

MIIDkzCCAnugAwIBAgIEAgAAADANBgkqhkiG9w0BAQQFADA/MQswCQYDVQQGEwJG

UjETMBEGA1UEChMKQ2VydGlwb3N0ZTEbMBkGA1UEAxMSQ2VydGlwb3N0ZSBTZXJ2

ZXVyMB4XDTk4MDYyNDA4MDAwMFoXDTE4MDYyNDA4MDAwMFowPzELMAkGA1UEBhMC

RlIxEzARBgNVBAoTCkNlcnRpcG9zdGUxGzAZBgNVBAMTEkNlcnRpcG9zdGUgU2Vy

dmV1cjCCASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAPqd4MziR4spWldGR

x8bQrhZkonWnNm`+Yhb7+4Q67ecf1janH7GcN/SXsfx7jJpreWULf7v7Cvpr4R7qI

JcmdHIntmf7JPM5n6cDBv17uSW63er7NkVnMFHwK1QaGFLMybFkzaeGrvFm4k3lR

efiXDmuOe+FhJgHYezYHf44LvPRPwhSrzi9+Aq3o8pWDguJuZDIUP1F1jMa+LPwv

REXfFcUW+w==

-----END CERTIFICATE-----

6. Before continuing, set the parameter HTTPSOnly = 0 to ensure you have a method of

accessing the device in case the new certificate doesn’t work. Restore the previous

setting after testing the configuration.

7. In the Certificates screen (Figure 12-9) locate the server certificate loading section.

8. Click Browse and navigate to the cert.txt file, click Send File.

9. When the operation is completed, save the configuration (Section 5.10.2 on page 205)

and restart the MediaPack; the Embedded Web Server uses the provided certificate.

Notes:

• The certificate replacement process can be repeated when

necessary (e.g., the new certificate expires).

• It is possible to use the IP address of the MediaPack (e.g., 10.3.3.1)

instead of a qualified DNS name in the Subject Name. This practice

is not recommended since the IP address is subject to changes and

may not uniquely identify the device.

• The server certificate can also be loaded via ini file using the

parameter ‘HTTPSCertFileName’.