Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Note: "If you require the BMC to send a certificate chain of SSL certificates instead of its own server certificate only, you'll need to import the intermediate CA and/or root CA certificates together with the SBC server certificate in one file. The file has to contain all certificates in .pem format.

Add_workflow_for_techpubs
AUTH1ghoppe
JIRAIDAUTHSBX-66396
REV5ghoppe
REV6ghoppe
REV3
REV1

 

The BMC web application is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access. A sample X.509 certificate which is a copy of the BMC, Platform Manager and EMA certificates are shipped along with the SBC shipment. The size of this certificate is 2,048 bits.

The BMC uses the common local certificate store of the SBC (used also for SIP/TLS) rather than having its own separate certificate store. Certificate with RSA keys up to 4,096 bits are supported. However, Sonus recommends using 2,048 bit certificates.

Enter the following URL in the browser to access the SBC BMC GUI:

https://<BMC IP Address>

where BMC IP Address is the IP address of the BMC GUI.

The BMC also provides the interface which uploads the self-signed certificate to replace the sample X.509 certificates.

Info
iconfalse
titleNote

The SBC is delivered with sample self-signed X-509 certificates. Please be aware that even though these sample certificates will allow you to use HTTPS to access the SBC from BMC, Platform Manager or EMA interfaces, using this protocol with the sample certificates is not a truly secure access method. If your organization requires a more secure access, refer to Generating PKI Certificates

 

Include Page
Max_Nbr_TLS_Certs
Max_Nbr_TLS_Certs

The following procedure describes how to upload self signed certificates using BMC:

  1. Log on to the SBC BMC GUI using the IP address configured in the previous section. The SBC BMC main screen appears.

     

  2. Navigate to Configuration > SSL. By default, the Upload SSL tab is displayed.

    Caption
    0Figure
    1SSL Upload Screen

    Image Modified

  3. Click Choose File from the New SSL Certificate. From the Open dialog, browse to and select the BMC certificate and click Open.

    Note
    If you require the BMC to send a certificate chain of SSL certificates instead of its own server certificate only, you must import the intermediate CA and/or root CA certificates together with the SBC server certificate in one file. The file must contain all certificates in .pem format.
    Caption
    0Figure
    1Selecting BMC Certificate

    Image Modified

  4. Click Upload to upload the new BMC Certificate and BMC Privacy key.

    Caption
    0Figure
    1Uploading SSL Certificates

    Image Modified

  5. A message appears to replace the existing certificate with the new SSL certificate. This will restart the HTTPs service. Click OK to continue.

    Caption
    0Figure
    1Replacing Existing SSL Certificate

    Image Modified

  6. The certificates are successfully uploaded and replaced with the new SSL certificate. A confirmation message appears.

    Caption
    0Figure
    1Successful Upload Message

    Image Modified

  7. Close the BMC web session and open a new browser session to reconnect to the BMC.

 

Noprint
Panel
borderColorgreen
bgColortransparent
borderWidth2

Continue to Changing the SBC 7000 BMC Password.

Pagebreak