The status of the certificates corresponding to established ongoing TLS sessions, however, may change over the lifetime of the TLS session, especially when the sessions are long-lived. The SBC periodically checks all certificates and trust chains associated with ongoing sessions, and then terminates any ongoing sessions if the corresponding certificates are revoked, no longer trusted, or expired.
Remote certificates are installed in the SBC for presentation along with local certificates, as trust anchors for verifying credentials presented by peer devices, and as OCSP responder certificates for verifying signed OCSP responses. These installed remote certificates are not automatically renewed and can therefore expire. The SBC alerts the user as installed certificates near expiration so that the user can take action.
If any one of the checks fails, the SBC terminates the TLS session and logs a MAJOR level event (sonusSbxFailedCertificateReCheck) to alert the user. There is one exception: if OCSP is enabled but the SBC does not receive a revocation status of successful.good or successful.revoked, the corresponding TLS session continues for SIP/TLS.
The SBC logs an event in the security event log at a high severity level when a local or remote certificate installed on the SBC is within 60 days of its expiration date. The event repeats according to the expiration periodic warning configuration until the certificate is replaced or deleted (even after it has expired).
Note: Disabled certificates are not included in the certificate expiry warning check.
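The re-check and expiry-warning rules described above, modelled as an added example (not the SBC's own code). The Cert record, the order of the checks and the sample data are assumptions made for illustration; the 60-day window, the disabled-certificate exclusion and the OCSP exception come from the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum

WARNING_WINDOW = timedelta(days=60)  # from the page: warn within 60 days of expiry

class Ocsp(Enum):
    GOOD = "successful.good"
    REVOKED = "successful.revoked"
    NO_ANSWER = "no definitive answer"  # constructed label for every other outcome

@dataclass
class Cert:  # hypothetical record, not an SBC data structure
    name: str
    not_after: datetime
    enabled: bool = True
    chain_trusted: bool = True

def recheck_session(cert, ocsp_enabled, ocsp, now):
    """Decide what happens to one ongoing SIP/TLS session at a periodic re-check."""
    if now >= cert.not_after:
        return ("terminate", "expired")
    if not cert.chain_trusted:
        return ("terminate", "no longer trusted")
    if ocsp_enabled:
        if ocsp is Ocsp.REVOKED:
            return ("terminate", "revoked")
        if ocsp is not Ocsp.GOOD:
            # The page's one exception: no good/revoked answer, session continues.
            return ("continue", "revocation status unavailable")
    return ("continue", "ok")

def expiry_warnings(certs, now):
    """Enabled certificates inside the warning window; expired ones keep warning."""
    return [c.name for c in certs if c.enabled and c.not_after - now <= WARNING_WINDOW]

# Constructed sample data.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
CERTS = [
    Cert("peer-a", NOW + timedelta(days=200)),
    Cert("peer-b", NOW + timedelta(days=45)),
    Cert("old-anchor", NOW - timedelta(days=3)),
    Cert("spare", NOW + timedelta(days=10), enabled=False),
]

if __name__ == "__main__":
    print("warn:", expiry_warnings(CERTS, NOW))
    for status in Ocsp:
        print(status.value, "->", recheck_session(CERTS[0], True, status, NOW))
```

Sessions that return "continue" with "revocation status unavailable" are the ones to track, since their revocation state was never confirmed.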
On the SBC main screen, go to Configuration > System Provisioning > Security Configuration > Cert Expiry Check. The Cert Expiry Check window is displayed.
The following fields are displayed:
Make the required changes and click Save at the bottom right of the panel.