Note

The DER content of the certificate being installed must be under 6400 Bytes.


Managing Certificates

To Create a Certificate

Perform the following steps to create a new Certificate.

  1. Click the New Certificate tab on the Certificate List panel.

    Figure: New Certificate tab

    The Create New Certificate window displays.

    Figure: New Certificate window

  2. Complete the fields using the table below for guidance.

    Parameter

    Description

    File Name

    <filename> – Enter the filename and set State to "enabled" to install the certificate.

    File Name format:

    • Local-Internal: PKCS#12
    • Local: PEM
    • Remote: DER, PEM

    Name

    Specifies the name of the certificate.

    Pass Phrase

    Specifies the pass phrase used to decrypt the RSA private key in the PKCS#12 file.

    State

    Enable this flag to enable the use of the certificate once it has been installed. The options are:

    • Disabled (default)
    • Enabled

    Type

    Use this object to specify the type of certificate:

    • Local-internal – Certificate belongs to (has as its subject) the local system itself; the key pair and CSR were generated on this machine.
    • Local – Certificate belongs to (has as its subject) the local system itself; the key pair and CSR were generated elsewhere.
    • Remote – Certificate belongs to (has as its subject) a remote entity such as a CA or a peer device.


  3. Click Save to save your changes.

To View a Certificate

On the SBC main screen, go to Configuration > Security Configuration > PKI > Certificate.

The Certificate window displays.

Figure: Certificate window

To Edit a Certificate

Perform the following steps to edit a Certificate in the list.

  1. Click the specific Certificate name.

  2. Observe that the Edit Selected Certificate window displays.

    Figure: Certificate Edit Window


  3. Make the necessary changes, and click Save to save your changes.

To Copy a Certificate

Perform the following steps to copy a created Certificate, and to make any minor changes.

  1. Click the radio button next to the specific Certificate to highlight the row.

    Figure: Copy a certificate-1

  2. Click the Copy Certificate tab on the Certificate List panel.

    Figure: Copy a certificate-2

    The Copy Selected Certificate window displays, along with the editable fields.

    Figure: Copy a certificate-3


  3. Make the required changes to the required fields, and click Save to save the changes.
    The copied Certificate displays at the bottom of the original Certificate in the Certificate List panel.

To Delete a Certificate

Perform the following steps to delete a Certificate.

  1. Click the radio button next to the specific Certificate which you want to delete.

    Figure: Delete a certificate-1

  2. Click Delete at the end of the highlighted row.

    Figure: Delete a certificate-2

    A delete confirmation message appears seeking your decision.

    Figure: Delete a certificate-3


  3. Click Yes to remove the specific Certificate from the list.

Certificate Commands

Click the radio button next to the specific Certificate to highlight the row.

The Certificate Command window displays at the bottom of the screen.

Figure: Security Configuration - PKI - Certificate Commands

Command options:

  • Use the Generate CSR keyword to generate the CSR and display it on the screen.
  • Use the Import Cert keyword to import a signed certificate.
  • To view the complete content of the certificate, use the Retrieve Cert Content command.

Generate CSR Command

When you select the certificate command Generate CSR, and click Select, the following dialog displays:

Figure: Security Configuration - PKI - Certificate Commands - GenerateCSR

SAN Support

The Subject Alternative Name (SAN) is an X.509 version 3 extension that allows an SSL certificate to specify multiple names that the certificate should match. This allows you to secure a large number of domains with only one certificate. Although a SAN can contain e-mail addresses, IP addresses, regular DNS host names, and so on, the SBC currently supports only DNS host names.

The Lync 2013 video call requires a unique FQDN to identify the SBC. This FQDN is not the same as the one used by the Mediation server for regular audio-only calls. Because the SBC now requires two FQDNs to place both audio and video calls on Lync using a static route from the Lync FE, the SBC local certificate must contain both FQDNs in the CN and SAN. This is required for successful TLS connection setup between Lync and the SBC.

To continue, select "Key Size", enter the "Csr Sub" name, and click generateCSR. A Certificate Signing Request (CSR) similar to the example below is generated:

Figure: Security Configuration - PKI - Certificate Commands - GenerateCSR Certificate Signing Request

Click OK to exit.

Import Cert Command

When you select the certificate command Import Cert, and click Select, the following dialog displays:

Figure: Security Configuration - PKI - Certificate Commands - ImportCert


Note

You can cut and paste the certificate content returned by the Certificate Authority (CA) into the certContent field on the pop-up window and click importCert to complete the task.

To continue, enter "Cert Content" description and click importCert.

Once the certificate is successfully imported, return to the Certificate screen and change State to "enabled" to enable the certificate.
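The 6400-byte DER limit stated in the note at the top of this page can be checked offline before the CA's reply is pasted into Cert Content. The following Python check is an added example, not SBC or vendor code; its function names are hypothetical, and the sample input is a constructed zero-filled structure rather than a real certificate.

```python
import base64
import re

MAX_DER_BYTES = 6400  # this page: DER content must be under 6400 bytes
_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_blocks(pem_text):
    """Decode every CERTIFICATE block in pem_text to its DER bytes."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in _PEM_RE.findall(pem_text)]

def declared_length(der):
    """Total size (header + content) declared by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def precheck(pem_text):
    """Return one (der_size, problems) tuple per certificate block found."""
    results = []
    for der in der_blocks(pem_text):
        problems = []
        try:
            if declared_length(der) != len(der):
                problems.append("truncated or padded paste")
        except ValueError as exc:
            problems.append(str(exc))
        if len(der) >= MAX_DER_BYTES:
            problems.append("DER size is not under %d bytes" % MAX_DER_BYTES)
        results.append((len(der), problems))
    return results

def constructed_pem(total):
    """Constructed sample: zero-filled SEQUENCE of `total` bytes, not a real cert."""
    der = b"\x30\x82" + (total - 4).to_bytes(2, "big") + bytes(total - 4)
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for size in (1500, 6400):
        print(precheck(constructed_pem(size)))
```

An empty result list means no CERTIFICATE block was found in the pasted text.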

The following table lists the Certificate parameters:

Table: Certificate Parameters

Parameter

Description

csrSub

Csr Subscription

<csr subject name> – The name of the CSR subject using the following format.

NOTE: You must specify at least one of the following keys in the csr subject name:

/C=<xx>/ST=<xx>/L=<string>/O=<string>/CN=<string>

Where:

  • C = 2-digit country abbreviation
  • ST = 2-digit state or province abbreviation
  • L = Locality name
  • O = Organization name
  • CN = Common Name

Example:

/C=US/ST=MA/L=Westford/O=Example Inc./CN=www.example.com

keySize 

Key Size 

The size in bits of the key pair to generate the private key.

  • keySize1k – 1024 bits
  • keySize2k – 2048 bits
  • keySize4k (default) – 4096 bits

Subject Alternative Dns Name

Specifies the names of the alternative DNS subjects. Multiple alternative names can be specified using "," (comma) as a separator.

(Max: 4096 characters)

For example:

"nj.example.com, in.example.com, uk.example.com, ca.example.com, tx.example.com"
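The csrSub and Subject Alternative Dns Name formats in this table can be validated offline before Generate CSR is run, including the Lync requirement that both FQDNs appear in the CN and SAN. This is an added Python example, not SBC code; the function names and the video.example.com FQDN are hypothetical, and it assumes each required FQDN may sit in either the CN or the SAN list.

```python
import re

ALLOWED_KEYS = ("C", "ST", "L", "O", "CN")  # keys listed in the table above
MAX_SAN_CHARS = 4096                        # SAN field limit from the table
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label

def parse_csr_sub(csr_sub):
    """Split '/C=US/ST=MA/...' into a dict; raise ValueError if malformed."""
    if not csr_sub.startswith("/"):
        raise ValueError("subject must start with '/'")
    fields = {}
    for part in csr_sub[1:].split("/"):
        key, sep, value = part.partition("=")
        if not sep or key not in ALLOWED_KEYS or not value.strip():
            raise ValueError("bad component: %r" % part)
        if key in fields:
            raise ValueError("duplicate key: %s" % key)
        fields[key] = value.strip()
    for key in ("C", "ST"):  # the table gives both as 2-place abbreviations
        if key in fields and len(fields[key]) != 2:
            raise ValueError("%s must be 2 characters" % key)
    return fields

def parse_san(san):
    """Split the comma-separated SAN field into validated DNS host names."""
    if len(san) > MAX_SAN_CHARS:
        raise ValueError("SAN field exceeds %d characters" % MAX_SAN_CHARS)
    names = [n.strip().lower() for n in san.split(",") if n.strip()]
    for name in names:
        labels = name.split(".")
        # Only DNS host names are supported: reject e-mail and IP entries.
        if (len(name) > 253 or labels[-1].isdigit()
                or not all(_LABEL.match(label) for label in labels)):
            raise ValueError("not a DNS host name: %r" % name)
    return names

def missing_fqdns(csr_sub, san, required):
    """Return the required FQDNs covered by neither the CN nor the SAN list."""
    covered = set(parse_san(san))
    cn = parse_csr_sub(csr_sub).get("CN")
    if cn:
        covered.add(cn.lower())
    return sorted({f.lower() for f in required} - covered)

if __name__ == "__main__":
    # Page examples for subject and SAN; required FQDNs are constructed.
    sub = "/C=US/ST=MA/L=Westford/O=Example Inc./CN=www.example.com"
    san = "nj.example.com, in.example.com, uk.example.com"
    print(missing_fqdns(sub, san, ["www.example.com", "video.example.com"]))
```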

Retrieve Cert Content

The Retrieve Cert Content command extracts the complete certificate information including the serial number and the validity period.

  1. On the Certificate Commands window, select Retrieve Cert Content command.

    Note

    You cannot view the Private Key in the retrieved certificate content.

    The following window displays: 

    Figure: retrieveCertContent


  2. Click retrieveCertContent to proceed and to view the complete information of the certificate.

    The Message window displays, providing all the information of the certificate.

    Note

    This certificate content is an ASCII representation of X.509 format.

    Figure: Retrieve Cert Content Message


  3. Click Ok to exit.