The BMC web application is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access. A sample X.509 certificate, which is a copy of the BMC and EMA certificates, is shipped along with the SBC shipment. The size of this certificate is 2,048 bits.

The BMC uses the common local certificate store of the SBC (used also for SIP/TLS) rather than having its separate certificate store. Certificates with RSA keys up to 4,096 bits are supported. However, Ribbon recommends using 2,048-bit certificates. The BMC also provides an interface that uploads the self-signed certificate to replace the sample X.509 certificates.

Note

The SBC is delivered with sample self-signed X-509 certificates. Please be aware that even though these sample certificates allow you to use HTTPS to access the SBC from BMC, or EMA interfaces, using this protocol with the sample certificates is not a secure access method. If your organization requires more secure access, refer to Generating PKI Certificates



Note

The SBC supports a maximum of 4,096 TLS certificates/CAs (both local and remote).

The SBC allows importing of a single certificate in a single file only. If a CA provides a .p12 or a .pfx certificate bundle with multiple CA certificates in it, extract the certificates from the bundle, store them in separate files, and import them separately.

The following procedure describes how to upload self-signed certificates using the BMC:

  1. Log on to the SBC BMC using the IP address established in the previous section. The SBC BMC main screen displays.


  2. Navigate to Configuration > SSL.


    The SSL Certificate Configuration window is displayed. By default, the Upload SSL tab is displayed.

  3. Click Choose File to select the Certificate and/or Privacy Key file (.pem format) from your local machine.
  4. From your file explorer, browse to and select the BMC certificate.

  5. From the SSL Certificate Configuration screen, click Upload to upload the new BMC Certificate and BMC Privacy key.



  6. A message asks for confirmation to replace the existing certificate with the new SSL certificate, and to restart the HTTPs service. Click OK to continue.


    Once the certificates are successfully uploaded and the old certificates are replaced with the new SSL certificate, the following message is displayed: 

  7. Close the BMC web session and open a new browser to reconnect to the BMC.


  • No labels