Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

Noprint
Panel
borderColorgreen
bgColortransparent
borderWidth2

Back to Table of Contents

Back to CLI Configure Mode

Back to Profiles - CLI

Back to Security - CLI

The 

Spacevars
0product
EMA is enhanced to interface with the common certificate pool using the EMA TLS Profile. The certificates used for HTTPS are exported from the database to the local disk space, and then the EMA TLS Profile facilitates selecting a certificate from the pool and uploading it to the EMA. Two types of files are supported: p12 and pem, The SBC supports SHA-256 for certificate verification.

...

  1. Click Start and enter "Java Control Panel" in the Search field.
  2. Launch the Java Control Panel program.
  3. From the Java Control Panel, select Advanced tab.
  4. Check both "Use TLS 1.1" and "Use TLS 1.2" options under Advanced Security Settings section, and click Apply.
  5. Restart your browser for the changes to take effect.

Command Syntax

Code Block
languagenone
% set profiles security EmaTlsProfile <EMA TLS profile name>
	ClientCaCert <CA certificate name>
	authClient <false | true>
	ocspProfileName <OCSP profile name>
	serverCertName <server certificate>
	v1_0 <disabled | enabled>
	v1_1 <disabled | enabled>
	v1_2 <disabled | enabled>

% show profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name>

% delete profiles security EmaTlsProfile <EMA TLS profile name> ClientCaCert <CA certificate name>

Command Parameters

The EMA TLS Profile parameters are as shown below:

Caption
0Table
1EMA TLS Profile parameters

 

ParameterLength/RangeDescription
<EMA TLS Profile name>1-23 characters

The name of the EMA TLS Profile.

Note

Only one EMA TLS Profile may be configured at any given time.

ClientCaCertN/AThe name of the EMA-CA certificate associated with this EMA-TLS profile.
authClientN/A

 

Set flag to "true" to force the EMA-TLS client to authenticate itself within TLS. If this field is set false,
the client must complete authentication within a higher level protocol once the EMA-TLS connection is up.

  • false
  • true (default)
ocspProfileNameN/A The name of the OCSP profile associated with this EMA-TLS profile.
serverCertNameN/A The name of the server certificate associated with this EMA-TLS profile.
v1_0N/A

TLS protocol version 1.0

...

  • disabled

...

  • (default)
  • enabled
v1_1N/A

TLS protocol version 1.1

...

  • disabled (default)
  • enabled
v1_2N/A

TLS protocol version 1.2

...

  • disabled
  • enabled (default)

Command Example

Code Block
languagenone
% show profiles security EmaTlsProfile
EmaTlsProfile defaultEmaTlsProfile {
    authClient     true;
    serverCertName defaultSBCCert;
    v1_0           enableddisabled;
    v1_1           disabled;
    v1_2           enabled;
} 

...