User's Manual

Avaya Branch Gateway Manager 10.0 Page 82
15-601011 Issue 29r (Friday, November 02, 2012) B5800 Branch Gateway
· Pasted from clipboard in PEM format, including header and footer text.
· View
View the current certificate. The certificate (not the private key) may also be installed into the local PC
certificate store for export or later use when running the manager in secured mode.
· Delete
Delete the current certificate. When sent to the system, the system will generate a new certificate when next
required. This can take up to 5 minutes to generate. During this time, normal system operation is suspended.
· Offer Certificate: Default = On.
This is a fixed value for indication purposes only. This sets whether the system will offer a certificate in the TLS
exchange when the Avaya Branch Gateway is acting as a TLS server, which occurs when accessing a secured
service.
· Private Key: Default = None.
This is a fixed value for indication purposes only. This indicates whether the system has a private key associated with
the certificate.
· Device Certificate Name: Default = None. Release 6.2+.
· Received Certificate Checks (Management Interface): Default = None.
This setting is used for configuration administration connections to the system by applications such as Branch Gateway
Manager. When the Service Security Level of the service being used is set to High, a certificate is requested by
the system. The received certificate is tested as follows:
· None: No extra checks are made (The certificate must be in date).
· Low: Certificate minimum key size 512 bits, in date.
· Medium: Certificate minimum key size 1024 bits, in date, match to store, no reflected.
· High: Certificate minimum key size 1024 bits, in date, match to store, no self signed, no reflected.
· Received Certificate Checks (Telephony Endpoints): Default = None.
This setting is used with IP telephony endpoints connecting to the system.
· None: No extra checks are made (The certificate must be in date).
· Low: Certificate minimum key size 512 bits, in date.
· Medium: Certificate minimum key size 1024 bits, in date, match to store, no reflected.
· High: Certificate minimum key size 1024 bits, in date, match to store, no self signed, no reflected.
· Trusted Certificate Store: Default = Empty.
The certificate store contains a set of trusted certificates used to evaluate received client certificates. Up to 25 X.509v3
certificates may be installed. The source may be:
· Current User Certificate Store.
· Local Machine Certificate Store.
· File in PKCS#12 (.pfx), DER (.cer), or password protected DER (.cer) format.
· Pasted from clipboard in PEM format, including header and footer text.
· Add
Sets the current Server Certificate and associated private key. The certificate and key must be a matching
pair. The source may be:
· Current User Certificate Store.
· Local Machine Certificate Store.
· File in PKCS#12 (.pfx), DER (.cer), or password protected DER (.cer) format.
· Pasted from clipboard in PEM format, including header and footer text.
· View
View the current selected certificate. The certificate (not the private key) may also be installed into the local
PC certificate store for export or later use when running the manager in secured mode.
· Delete
Delete the current selected certificate. Any services currently using the certificate are disconnected and
disabled until the appropriate certificate is added back into the security configuration. That includes SSL VPN
connections being used to perform system maintenance.
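
An added example, not taken from the manual or the product: a Python model of the Received Certificate Checks levels and the Trusted Certificate Store described above, for finding the strictest level a client certificate would still pass before the setting is raised. The `Cert` fields, fingerprints and sample data are constructed, and the readings of "match to store", "self signed" and "reflected" given in the comments are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Checks per level as listed above: (min key bits, match to store,
# no self signed, no reflected). "In date" applies at every level.
LEVELS = {
    "None":   (0,    False, False, False),
    "Low":    (512,  False, False, False),
    "Medium": (1024, True,  False, True),
    "High":   (1024, True,  True,  True),
}

@dataclass
class Cert:  # attributes already extracted from a received certificate
    fingerprint: str
    issuer_fp: str
    key_bits: int
    not_before: datetime
    not_after: datetime

def failed_checks(cert, level, store, own_fp, now):
    """Return the checks `cert` fails at `level`; an empty list means accepted."""
    min_bits, match_store, no_self_signed, no_reflected = LEVELS[level]
    checks = [
        ("in date", cert.not_before <= now <= cert.not_after),
        (f"minimum key size {min_bits}", cert.key_bits >= min_bits),
        # Assumption: "match to store" = the certificate or its issuer is in the store.
        ("match to store", not match_store or bool({cert.fingerprint, cert.issuer_fp} & store)),
        # Simplification: self signed = the certificate is its own issuer.
        ("no self signed", not no_self_signed or cert.fingerprint != cert.issuer_fp),
        # Assumption: "reflected" = the system's own certificate sent back to it.
        ("no reflected", not no_reflected or cert.fingerprint != own_fp),
    ]
    return [name for name, ok in checks if not ok]

def strictest_level(cert, store, own_fp, now):
    """Highest level that still accepts `cert`, or None if it is never accepted."""
    ok = [lvl for lvl in LEVELS if not failed_checks(cert, lvl, store, own_fp, now)]
    return ok[-1] if ok else None

# Constructed sample data, not real certificates or fingerprints.
NOW, OWN_FP, STORE = datetime(2012, 11, 2), "fp-gateway", {"fp-ca", "fp-pc"}
T0, T1 = datetime(2012, 1, 1), datetime(2014, 1, 1)
SAMPLES = {
    "ca_issued":   Cert("fp-admin", "fp-ca", 2048, T0, T1),
    "self_signed": Cert("fp-pc", "fp-pc", 1024, T0, T1),
    "weak_key":    Cert("fp-old", "fp-ca", 768, T0, T1),
    "expired":     Cert("fp-exp", "fp-ca", 2048, T0, datetime(2012, 6, 1)),
    "reflected":   Cert("fp-gateway", "fp-ca", 2048, T0, T1),
}
```

Calling `strictest_level` on each entry of `SAMPLES` shows, for instance, that a self-signed 1024-bit certificate held in the store is accepted up to Medium and rejected only at High.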
· SCEP Settings: Release 6.2+.
The Simple Certificate Enrollment Protocol is a protocol intended to ease the issuing of certificates in a network where
numerous devices are using certificates. Rather than having to individually administer the certificate being used by
each device, the devices can be configured to request a certificate using SCEP. These settings are used for B5800
Branch Gateway systems.