Add_workflow_for_techpubs | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Panel | ||||
---|---|---|---|---|
In this section:
|
...
Click the link Click to re-configure CCE application.
Caption | ||||
---|---|---|---|---|
| ||||
|
From the Raw (INI) Config drop down box, select Edit. Caption
View the CCE Configuration INI File window; this window enables editing of the CCE Configuration File.
Caption | ||||
---|---|---|---|---|
| ||||
|
Caption | ||||
---|---|---|---|---|
| ||||
Click OK.
Caption | ||||
---|---|---|---|---|
| ||||
Click Click to re-prepare the CCE.caption
0 | Figure |
---|---|
1 | Re-Prepare the CCE |
Scroll to the bottom of the window and click Prepare CCE. Caption
Enter the CCE VM Password and click OK. Caption
Spacevars | ||
---|---|---|
|
Click Apply. Caption
0 | Figure |
---|---|
1 | Remote Desktop to the ASM |
Configure the SBC for TLS as follows:
Access the WebUI.
Click Settings > Media > Media Crypto Profile. SDES-SRTP
Create a Crytpo Profile with the following settings below.:
Click OK.
Caption | ||||
---|---|---|---|---|
| ||||
From the desired Crypto Profile ID drop down list, select the desired profile (the newly created Crypto Profile).
Caption | ||||
---|---|---|---|---|
| ||||
Click Settings > Security > TLS Profiles.
Create a TLS profile with the following settings.
TLS Protocol = TLS 1.2 Only
Mutual Authentication = Enabled
Handshake Inactivity Timeout = 30 secs
Include all Client Ciphers
Validate Server FQDN = Enabled
Validate Client FQDN = Disabled
Click OK.
Note |
---|
Validate Client FQDN must be set to DISABLED. |
Edit the applicable CCE Signaling Group to add Listen Ports with the following parameters: Protocol: TLS, Port: 5067, and the TLS Profile created in the previous step.caption
0 | Figure |
---|---|
1 | Edit Signaling Group |
Edit the applicable SIP Server Table to use the following parameters: Protocol: TLS, Port: 5067 and the applicable CCE TLS Profile. Caption
0 | Figure |
---|---|
1 | Edit SIP Server Table |
...
Remote desktop to the CCE.
Execute the following Powershell command to Export the Root CA certificate: Export-CcRootCertificate -Path C:\UX\PUBLIC\XFER
Caption | ||||
---|---|---|---|---|
| ||||
Copy the CCE Root Certificate file to where it will be easily accessible to the SBC WebUI.
Caption | ||||
---|---|---|---|---|
| ||||
Import the CCE Root CA certificate into the SBC.
Caption | ||||
---|---|---|---|---|
| ||||
Caption | ||||
---|---|---|---|---|
| ||||
|
Select Security > SBC Certificates > Trusted CA Certificates. View the two Trusted CA Certificates (the SBC certificate and the certificate copied from the CCE). Caption
0 | Figure |
---|---|
1 | Trusted CA Certificates Listed |
Obtain a Trusted Root CA Certificate from the same Issuer that provided the original SBC Certificate. The CCE requires that the Trusted Root CA Certificate be in .p7b format.
Caption | ||||
---|---|---|---|---|
| ||||
|
The Certificate Service downloads a file that contains the Trusted Root CA. Take note of filename and location location of the Certificate. The Certificate must be in p7b format and the filename extension must be ".p7b". The following example is for demonstration purposes only and your Certificate Services system may generate a different filename.
Caption | ||||
---|---|---|---|---|
| ||||
|
Remote Desktop to the CCE and copy the New Trusted Root CA file to the folder C:\UX\PUBLIC\XFER.
Caption | ||||
---|---|---|---|---|
| ||||
In CCE, execute the following Powershell command to Import the New Trusted Root CA file:
Set-CcExternalCertificateFilePath - Path C:\UX\PUBLIC\XFER\certnew.p7b -Target MediationServer -Import
Note |
---|
Substitute your own file name for the "certnew.p7b" shown in the example. |
Caption | ||||
---|---|---|---|---|
| ||||