The Public Key Infrastructure (PKI) provides a common set of infrastructure features that support public key and certificate-based authentication using RSA public/private key pairs and X.509 digital certificates.
Certificate Types

Local-Internal Certificates

In previous

The Local-Internal certificates are installed from a PEM-encoded certificate file. The filename often ends in a .pem or .crt extension. These files are base64-encoded ASCII, not binary files. For steps to configure local-internal certificates, see Generating PKI Certificates.

Certificate file format: PEM

Local Certificates

Local certificates are credentials belonging to the local system itself, which it presents to peers in order to prove its identity. You must upload local certificate files in PKCS#12 format to the system before installing the certificates. For Cloud

Certificate file format: PKCS#12

Remote Certificates

Remote certificates are credentials belonging to Certificate Authorities (CA). The copies of these certificates are installed in the

The Certificate Authority (CA) certificates and trusted remote certificates contain public key certificates; they do not contain the private keys. The CA certificates and remote certificates are Distinguished Encoding Rules (DER) format files. DER is a method for encoding a data object such as an X.509 certificate, which uses a digital signature to bind together a public key with an identity.

Certificate file format: DER
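A pre-upload check for the three encodings described above, added here as an illustration and not taken from the product or its documentation. The function names and sample bytes are constructed for this example, and detection looks only at the outer ASN.1 structure; it does not validate the certificate or its signature.

```python
import base64
import re

# Expected encoding per certificate type, as stated on this page.
EXPECTED = {"local-internal": "PEM", "local": "PKCS#12", "remote": "DER"}
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def _der_body(data):
    """Return the content of an outer DER SEQUENCE spanning all of data, else None."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    first = data[1]
    if first < 0x80:                       # short-form length
        length, offset = first, 2
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return None
        length, offset = int.from_bytes(data[2:2 + n], "big"), 2 + n
    return data[offset:] if len(data) == offset + length else None

def detect_format(data):
    """Classify file bytes as 'PEM', 'DER' (X.509), 'PKCS#12' or 'unknown'."""
    m = PEM_RE.search(data)
    if m:
        try:
            inner = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            return "unknown"
        return "PEM" if detect_format(inner) == "DER" else "unknown"
    body = _der_body(data)
    if not body:
        return "unknown"
    if body[0] == 0x30:                    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return "DER"
    if body[:3] == b"\x02\x01\x03":        # PFX ::= SEQUENCE { version INTEGER (3) ...
        return "PKCS#12"
    return "unknown"

def check_upload(cert_type, data):
    """True if the file's encoding matches what the given certificate type expects."""
    return detect_format(data) == EXPECTED[cert_type]

# Constructed minimal byte strings with the right outer shape (not real certificates).
SAMPLE_DER = bytes.fromhex("30053003020100")
SAMPLE_P12 = bytes.fromhex("30050201033000")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")
```

A CA certificate delivered as PEM fails the `remote` check and has to be converted to DER before it is uploaded.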
```
% set system security pki certificate <certificate name>
    fileName <1-255 characters>
    passPhrase <pass phrase>
    state <disabled | enabled>
    type <local | local-internal | remote>
% show system security pki
% delete system security pki
```
Parameter | Description
---|---
< |
passPhrase | Specifies the pass-phrase to decrypt the RSA private key in the PKCS#12 file. Note: The
state | Administration state of this certificate. Options are:
type | Specifies the certificate type – CA (remote) certificate or local certificate. Options are:
Example
To display the security management configuration for local and remote certificate types:

```
% set system security pki certificate SBC_LOCAL fileName sbc_server.p12 passPhrase CertPassSecret type local state enabled
% set system security pki certificate COMPANY_CA fileName company_ca.der type remote state enabled
% commit
% show system security pki certificate SBC_LOCAL
state enabled;
fileName sbc_server.p12;
passPhrase $7$pedr0+bl4Mq95P0ITV/idUlmqRL4xUWR;
type local;
% show system security pki certificate COMPANY_CA
state enabled;
fileName company_ca.der;
type remote;
```
Example configuration for local-internal certificate type:

```
% set system security pki certificate test3 type local-internal
% commit
% request system security pki certificate test3 generateCSR csrSub /C=US/ST=MA/L=Westford/O=Ribbon/CN=swe03.ribbon.com keySize keySize2K
```
After receiving the signed certificate from the CA, you can configure the local-internal certificate from a PEM file, or copy and paste the PEM file content (importCert certContent).
```
% set system security pki certificate test3 fileName test3.pem state enabled
% commit

% request system security pki certificate test3 importCert certContent
Value for 'certContent' (<string, min: 0 chars, max: 4096 chars>):
[Multiline mode, exit with ctrl-D.]
> -----BEGIN CERTIFICATE-----
MIIDrzCCAxGgAwIBAgIJAOW6z3FjlVbjMAoGCCqGSM49BAMDMEsxCzAJBgNVBAYT
...
Import certificate success.
% set system security pki certificate test3 state enabled
% commit
```