Add_workflow_for_techpubs | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Panel | ||||
---|---|---|---|---|
In this section:
|
Multiexcerpt | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||||
The Public Key Infrastructure (PKI) provides a common set of infrastructure features supporting public key and certificate-based authentication based on the RSA public/private key pairs and X.509 digital certificates. Certificate TypesLocal-Internal CertificatesIn previous
The Certificate file format: PEM Local CertificatesLocal certificates are credentials belonging to the local system, which it presents to peers to prove their identity. You must upload local certificate files in PKCS#12 format to the system before installing the certificates. For Cloud
Certificate file format: PKCS#12PKCS#12 containing both the local SBC certificate and corresponding private key, or the local certificate and corresponding private key in PEM or DER format. Remote CertificatesRemote certificates are credentials belonging to Certificate Authorities (CA). The copies of these certificates are installed in the
The Certificate Authority (CA) certificates and trusted remote certificates contain public key certificates; they do not contain the private keys. The CA certificates and remote certificates are Distinguished Encoding Rules (DER) format files, a method for encoding a data object (such as an X.509 certificate) that uses a digital signature to bind together a public key with an identity. Certificate file format: DER |
Include Page | ||||
---|---|---|---|---|
|
Info | ||
---|---|---|
| ||
The DER content of the certificate being installed must be under 6400 Bytes. |
Code Block | ||
---|---|---|
| ||
% set system security pki certificate <certificate name> fileName <1-255 characters> passPhrase <pass phrase> state <disabled | enabled> type <local | local-internal | remote> keyFileName <1-255 characters> % show system security pki % delete system security pki |
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
Info | ||
---|---|---|
| ||
The |
Parameter | Length/Range | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Up to 23 characters |
| ||||||||||||
| Up to 255 characters | < Supported file formats:
| ||||||||||||
| Up to 255 characters | The name of the file containing the private key in DER/PEM format. Supports up to 255 characters Leave this parameter empty if importing a PKCS#12 file. | ||||||||||||
| Up to 23 characters | Specifies either the pass-phrase to decrypt the RSA private key in the PKCS#12 file .Note: The | ||||||||||||
| N/A | Enable this flag to use the certificate once it has been installed.
Administration state of this certificate. Options are:
You must first install the certificate on the | ||||||||||||
| N/A |
| Specifies the certificate type – CA (remote) certificate or local certificate. Options are:
|
Multiexcerpt include | ||||||
---|---|---|---|---|---|---|
|
Configuration example for local
and remote
certificate types:
Code Block |
---|
set system security pki certificate SBC_LOCAL fileName sbc_server.p12 passphrase CertPassSecret type local state enabled set system security pki certificate COMPANY_CA filename company_ca.der type remote state enabled commit set system security pki certificate COMPANY_CA filename company_ca.pem type remote state enabled commit show system security pki certificate SBC_LOCAL state enabled; fileName sbc_server.p12; passPhrase $7$pedr0+bl4Mq95P0ITV/idUlmqRL4xUWR; type local; show system security pki certificate COMPANY_CA state enabled; filename company_ca.der; type remote; |
Configuration example for local-internal
certificate type:
Code Block |
---|
set system security pki certificate test3 type local-internal commit request system security pki certificate test3 generateCSR csrSub /C=US/ST=MA/L=Westford/O=Ribbon/CN=swe03.ribbon.com keySize keySize2K |
After receiving the signed certificate from CA, you can configure the local-internal certificate from a PEM file, or copy-paste the PEM file content (importCert certContent).
Code Block |
---|
set system security pki certificate test3 fileName test3.pem state enabled commit request system security pki certificate test3 importCert certContent Value for 'certContent' (<string, min: 0 chars, max: 4096 chars>): [Multiline mode, exit with ctrl-D.] > -----BEGIN CERTIFICATE----- MIIDrzCCAxGgAwIBAgIJAOW6z3FjlVbjMAoGCCqGSM49BAMDMEsxCzAJBgNVBAYT ... Import certificate success. set system security pki certificate test3 state enabled commit |
Configuration example - Importing PEM/DER certificates and keys:
Code Block | ||
---|---|---|
| ||
set system security pki certificate newcert type local fileName mycert.pem keyFileName mycert.key passPhrase sonus Commit complete. |
Configuration example - The PEM/DER keys are supported:
Code Block |
---|
set system security pki certificate newcert4 type local fileName mycert.pem keyFileName mycert.key.der Commit complete. |
Configuration example - The PKCS12 certificates are not supported in FIPS mode:
Code Block |
---|
set system security pki certificate myp12 state enabled type local fileName mycert.p12 passPhrase sonus Aborted: 'system security pki certificate': PKCS12 certs are not supported in FIPS mode; please provide both cert and key as PEM/DER. |
Configuration example - Importing encrypted keys without passphrase fails:
Code Block |
---|
set system security pki certificate newcert3 type local fileName mycert.pem keyFileName mycert.key.enc Aborted: 'system security pki certificate': Failed to read private key, please verify key/passphrase |