Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: rebranding
Panel

In this section:

Table of Contents
maxLevel2

Info
iconfalse

Related articles:

Children Display

 

This topic explains how to generate and install RSA key pairs and generate Certificate Signing Request (CSR) on the

Spacevars
0series4
systems. The certificate request is then sent to a CA, and the issued certificate is then installed on the SBC. This feature simplifies the certificates and keys managing process, and also provides more security than previous methods since the private key never leaves the SBC system. For feature description, see Certificate Management.

Note
iconfalse

Note

During this procedure, the CSR contents display in an alert message. The simplest method to copy this data is to use the mouse to click-and-drag the contents, and then copy-paste elsewhere. Sonus Ribbon recommends using Firefox Web browser to perform this procedure since it supports this simple copy-paste method.

Include Page
Max_Nbr_TLS_Certs
Max_Nbr_TLS_Certs

Generate RSA Key Pairs and CSRs Using EMA

  1. Login to EMA GUI.

  2. Create a configuration object to hold a locally generated RSA key pair.

    1. On the main screen, go to one of the following locations:

      • All > System > Security > PKI > Certificate

      • Configuration > Security Configuration > PKI > Certificate
        The Certificate screen is displayed.

        Caption
        0Figure
        1Certificate Screen

        Image RemovedImage Added

    2. Click New Certificate.

      Caption
      0Figure
      1New Certificate Button

    3. The following fields are displayed:

       

      Parameter

      Description

      Name

      Specifies the name of the certificate.

      State

      Leave as Disabled (default value).

      File Name

       NA

      Pass Phrase NA
      TypeFrom the drop-down list select local-internal.
    4. Click Save to save the changes. The new Certificate is displayed at the bottom of the original Certificate in the Certificate List panel.

  3. Generate Key pair and CSR (certificate signing request) for submission to a Certificate Authority (CA):

    1. Select newly-created certificate from the list. The Certificate screen refreshes with the newly-created certificate object, and now displays the Edit Selected Certificate and Certification Commands options in the lower pane.

      Caption
      0Figure
      1Edit Selected Certificate

      Image RemovedImage Added



    2. Select Generate CSR option from the Certificate Commands drop-down menu, and click Select. The SBC Generate CSR Command dialog is displayed.

      Caption
      0Figure
      1SBC generateCSR Command Dialog

    3. The following are the Certificate parameters:

       

      Parameter

      Description

      key Size 

      The size in bits of the key pair to generate the private key.

      • keySize1k – 1024 bits

      • keySize2k (default) – 2048 bits

      Note
      iconfalse

      Note

      Sonus Ribbon recommends using the 2048 bit key size wherever possible since it provides greater security strength.

      Csr Subscription

      <csr subject name> The name of the CSR subject using the following format.

      Note
      iconfalse

      Note

      At least one of the following keys must be specified in the csr subject name.

      /C=<xx>/ST=<xx>/L=<string>/O=<string>/CN=<string>

      Where:

      • C = 2-digit country abbreviation
      • ST = 2-digit state or province abbreviation
      • L = Locality name
      • O = Organization name
      • CN = Common Name

      Example:

      /C=US/ST=MA/L=Westford/O=Sonus Ribbon Inc./CN=www.sonusnetribbonnet.com

      Subject Alternative Dns Name

      Specifies the names of the alternative DNS subjects. Multiple alternative names can be specified using "," (comma) as a separator.

      For example:

      "nj.sonusnetribbonnet.com, in.sonusnetribbonnet.com, uk.sonusnetribbonnet.com, ca.sonusnetribbonnet.com, tx.sonusnetribbonnet.com"

      Note
      iconfalse

      Note

      This field is available from 4.0.2 release.

    4. Make the required changes to the required fields and click generateCSR. The CSR displays in an alert message similar to below:

      Caption
      0Figure
      1CSR Example

  4. Copy-paste CSR content. Two methods are described below:

    1. Firefox: Click-and-drag your mouse pointer to highlight the text, then do a Ctrl+C, Ctrl+V to copy and paste contents elsewhere.

    2. Internet Explorer: Click the alert message, and then perform a Ctrl-A to select it, a Ctrl-C to copy contents, and a Ctrl-V to paste contents elsewhere.

      Note
      iconfalse

      Note

      Using IE method may result in copying additional web page data unrelated to CSR content within the CSR header and footer. If this occurs, be sure to remove the irrelevant content.

  5. Contact CA to request a certificate using the generated CSR results.

See CSR Subject Field Syntax for descriptions of the fields.

Generate RSA Key Pairs and CSRs Using CLI

  1. Login to the SBC CLI, and switch to Configure mode.

  2. Create a configuration object to hold a locally generated RSA key pair:

    Code Block
    % set system security pki certificate <certName> type local-internal
  3. Generate Key pair and CSR for submission to a Certificate Authority (CA):

    Code Block
    % request system security pki certificate <certName created from step 2> generateCSR csrSub <csrSub> keySize <keySize>
  4. Contact CA to request certificate using the generated CSR.

  5. Once CA issues the certificate, place the certificate in SBC at /opt/sonus/external/<PEM_filename> and install the certificate using the command:

    Code Block
    % set system security pki certificate <certName> filename <PEM_filename> state enabled

Import Certificate Using EMA

Use one of the following methods to import certificate:

 

Anchor
Use importCert Command
Use importCert Command
Use importCert Command:

  1. On the main screen, go to one of the following locations:

    • All > System > Security > PKI > Certificate

    • Configuration > Security Configuration > PKI > Certificate

      Caption
      0Figure
      1Certificate Screen

  2. Click the radio button next to the specific Certificate which you want to import.

    Caption
    0Figure
    1Edit Selected Certificate

    Image RemovedImage Added

  3. Select importCert from Certificate Commands drop-down menu, and click Select. The SBC importCert Command pop-up dialog is displayed.

    Caption
    0Figure
    1Import Cert Command Dialog



  4. Copy and paste the returned certificate content from the CA to the Cert Content field.

  5. Click importCert to import the certificate content to the SBC.

     

Anchor
Copy certificate to /opt/sonus/external
Copy certificate to /opt/sonus/external
Copy certificate to /opt/sonus/external:

  1. Once CA issues the certificate, place the certificate in the SBC directory: /opt/sonus/external/<PEM_filename>

  2. On the main screen, go to one of the following locations:

    • All > System > Security > PKI > Certificate

    • Configuration > Security Configuration > PKI > Certificate

      Caption
      0Figure
      1Certificate Screen

  3. Click the radio button next to the specific Certificate which you want to copy.

    Caption
    0Figure
    1Edit Selected Certificate

    Image RemovedImage Added

  4. From the Edit Selected Certificate screen, click File Name field and enter the PEM filename.

  5. Set State to Enabled and click Save.

    Caption
    0Figure
    1Enable Certificate

Info
titleInfo

For command details, see following pages:

Pagebreak