Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


 

The BMC web application is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access. A sample X.509 certificate which is a copy of the BMC, and EMA certificates are shipped along with the SBC shipment. The size of this certificate is 2,048 bits.

The BMC uses the common local certificate store of the SBC (used also for SIP/TLS) rather than having its own separate certificate store. Certificate with RSA keys up to 4,096 bits are supported. However,

Spacevars
0company
 recommends using 2,048 bit certificates.

Info
titleNote

The BMC uses a separate certificate store that is independent from the SBC application certificate store. The SBC application certificate store is also used for SIP over TLS and for accessing EMA over HTTPS. Load private keys and certificates (both server and CA certificates) separately for the BMC and for the SBC application. For more information on managing certificates, refer to Managing Certificates.

Enter the following URL in the browser to access the SBC BMC GUI:

Code Block
languagenone
https://<BMC_IP_Address> 

where BMC IP address is the IP address of the BMC GUI.

The BMC also provides the interface which uploads the self-signed certificate to replace the sample X.509 certificates.

Info
titleNote

The

Spacevars
0product
is delivered with sample self-signed X-509 certificates. Please be aware that even though these sample certificates will allow you to use HTTPS to access the
Spacevars
0product
from the BMC or EMA interfaces, using this protocol with the sample certificates is not a truly secure access method. If your organization requires a more secure access, refer to Generating PKI Certificates.  


Include Page
Max_Nbr_TLS_Certs
Max_Nbr_TLS_Certs

Use the following procedure to upload self signed certificates using BMC:

  1. Log on to the

    Spacevars
    0product
     BMC using the IP address configured in the previous section.
    The
    Spacevars
    0product
     BMC main screen appears.

    Caption
    0Figure
    1BMC Main Screen

    Image Modified 


  2. Click Configuration > SSL. The SSL Certification Configuration screen is displayed.

    Caption
    0Figure
    1SSL Upload Screen


  3. Click Browse from the Upload SSL tab, and then from the Open dialog, browse to and select the BMC certificate.

    Info
    titleNote

    Perform the same to select the SSL key. 


    Info
    titleNote

    If you require the BMC to send a certificate chain of SSL certificates instead of its own server certificate only, you must import the intermediate CA and/or root CA certificates together with the SBC server certificate in one file. The file must contain all certificates in .pem format.


    Caption
    0Figure
    1Selecting BMC Certificate


  4. Click Open. The selected SSL Certificate and the Privacy Key appears in the tab.

  5. Click Upload to upload the new BMC certificate and the Privacy Key (if any).

    Caption
    0Figure
    1Uploading SSL Certificates


  6. Follow steps 4 through 6 to upload the Default Privacy Key. A pop up message appears stating that the HTTPs Service need to restart and seeking your permission to proceed.

    Caption
    0Figure
    1Successful Upload Message


  7. Click OK to restart the BMC web server to use the new SSL Certificate.
 


Noprint


Panel
bgColortransparent
borderWidth2

Continue to Changing the BMC Password.



Pagebreak