Panel |
---|
...
borderColor | green |
---|---|
bgColor | transparent |
borderWidth | 2 |
...
Noprint |
---|
Additional sections:
Children Display | ||
---|---|---|
|
In this section:
|
Info | ||
---|---|---|
| ||
Related articles:
|
...
In this section:
...
This topic explains how to generate and install RSA key pairs and generate Certificate Signing Request (CSR) on the
systems. The certificate request is then sent to a CA, and the issued certificate is then installed on the SBC. This feature simplifies the certificates and keys managing process, and also provides more security than previous methods since the private key never leaves the SBC system. For feature description, see Certificate Management. Spacevars 0 series4
Note | ||
---|---|---|
| ||
Note During this procedure, the CSR contents display in an alert message. The simplest method to copy this data is to use the mouse to click-and-drag the contents, and then copy-paste elsewhere. Sonus recommends using Firefox Web browser to perform this procedure since it supports this simple copy-paste method. |
Include Page | ||||
---|---|---|---|---|
|
Create a configuration object to hold a locally generated RSA key pair.
On the main screen, go to one of the following locations:
All > System > Security > PKI > Certificate
Configuration > Security Configuration > PKI > Certificate
The Certificate screen is displayed.
Caption | ||||
---|---|---|---|---|
|
...
Click New Certificate.
Caption | ||||
---|---|---|---|---|
| ||||
The following fields are displayed:
Parameter | Description |
---|---|
| Specifies the name of the certificate. |
| Leave as Disabled (default value).
|
|
|
Pass Phrase | NA |
Type | From the drop-down list select local-internal. |
Click Save to save the changes. The new Certificate is displayed at the bottom of the original Certificate in the Certificate List panel.
Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA):
Select newly-created certificate from the list. The Certificate screen refreshes with the newly-created certificate object, and now displays the Edit Selected Certificate and Certification Commands options in the lower pane.
Caption | ||||
---|---|---|---|---|
|
...
Select Generate CSR option from the Certificate Commands drop-down menu, and click Select. The SBC Generate CSR Command dialog is displayed.
Caption | ||||
---|---|---|---|---|
| ||||
The following are the Certificate parameters:
Parameter | Description |
---|---|
|
...
| The size in bits of the key pair to generate the private key.
| |||||
|
Where:
Example:
| |||||
Subject Alternative Dns Name | Specifies the names of the alternative DNS subjects. Multiple alternative names can be specified using "," (comma) as a separator. For example: "nj.sonusnet.com, in.sonusnet.com, uk.sonusnet.com, ca.sonusnet.com, tx.sonusnet.com"
|
Make the required changes to the required fields and click generateCSR. The CSR displays in an alert message similar to below:
Caption | ||||
---|---|---|---|---|
| ||||
Internet Explorer: Click the alert message, and then perform a Ctrl-A to select it, a Ctrl-C to copy contents, and a Ctrl-V to paste contents elsewhere.
Note | ||
---|---|---|
| ||
Note Using IE method may result in copying additional web page data unrelated to CSR content within the CSR header and footer. If this occurs, be sure to remove the irrelevant content. |
Contact CA to request a certificate using the generated CSR results.
See CSR Subject Field Syntax for descriptions of the fields.
Create a configuration object to hold a locally generated RSA key pair:
Code Block |
---|
% set system security pki certificate <certName> type local-internal |
Generate Key pair and CSR for submission to a Certificate Authority (CA):
Code Block |
---|
% request system security pki certificate <certName created from step 2> generateCSR csrSub <csrSub> keySize <keySize> |
Once CA issues the certificate, place the certificate in SBC at /opt/sonus/external/<PEM_filename>
and install the certificate using the command:
Code Block |
---|
% set system security pki certificate <certName> filename <PEM_filename> state enabled |
Use one of the following methods to import certificate:
Use importCert Command: Anchor Use importCert Command Use importCert Command
On the main screen, go to one of the following locations:
All > System > Security > PKI > Certificate
Configuration > Security Configuration > PKI > Certificate
Caption | ||||
---|---|---|---|---|
| ||||
Click the radio button next to the specific Certificate which you want to import.
Caption | ||||
---|---|---|---|---|
|
...
Select importCert from Certificate Commands drop-down menu, and click Select. The SBC importCert Command pop-up dialog is displayed.
Caption | ||||
---|---|---|---|---|
| ||||
Click importCert to import the certificate content to the SBC.
Copy certificate to /opt/sonus/external: Anchor Copy certificate to /opt/sonus/external Copy certificate to /opt/sonus/external
/opt/sonus/external/<PEM_filename>
On the main screen, go to one of the following locations:
All > System > Security > PKI > Certificate
Configuration > Security Configuration > PKI > Certificate
Caption | ||||
---|---|---|---|---|
| ||||
Click the radio button next to the specific Certificate which you want to copy.
Caption | ||||
---|---|---|---|---|
|
...
Set State to Enabled and click Save.
Caption | ||||
---|---|---|---|---|
| ||||
Info | ||
---|---|---|
| ||
For command details, see following pages:
|
Pagebreak |
---|