Versions Compared

Old Version 4

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. From the Settings tab, navigate to System > Licensing > Install New License.
  2. Open the license file to get the license key and paste in the tab as shown in the snapshot.
  3. Click Apply.

...

TLS Certificate

Generating CSR

From the Settings tab, navigate to Security > SBC Certificates > Generate SBC Edge CertificatesCSR.

  1. Provide the Common Name of the SBC that includes Host and Domain.
  2. Set the Key Length to 2048 bits.
  3. Provide the location information.
  4. Click OK.
  5. The CSR will be generated and displayed in the result text box.


After generating the CSR on Ribbon SBC, provide it to the Certificate Authority (CA).

For this interop, GoDaddy is used as SBC's Trusted CA but it can be any of the CAs trusted by Webex (Refer Cisco Webex Root CA Trusts).

CA would generally provide the following certificates: SBC Certificate, Root CA Certificate and optionally, Intermediate Certificate 

Obtain Trusted Root CA certificate from Webex's

...

 Certificate Authority (Refer IdenTrust Commercial Root CA 1).

Ensure you upload the following certificates to SBC:

    • IdenTrust Commercial Root CA 1 - Webex's Root CA Certificate.
    • SBC's Root CA Certificate(it can be any of the CAs trusted by Webex).
    • SBC Certificate
    • Intermediate Certificate (If provided by SBC's CA).


From the Settings tab, navigate to Security > SBC Certificates > Trusted CA Certificates.

Image Added

This section describes the process of importing Trusted Root CA Certificates (Webex's Root CA, SBC's Root CA and Intermediate Certificates, if provided) using either "File Upload" or "Copy and Paste" method.

  1. To import a Trusted CA Certificate, click the Import Trusted CA Certificate (Image Added) Icon.
  2. Select File upload or copy paste for the menu listed.
  3. If you choose File upload, browse the certificate and Click OK.

Image Added

Info
titleNote

When the Verify Status field in the Certificate panel indicates Expired or Expiring Soon, replace the Trusted CA Certificate. You must delete the old certificate before importing a new certificate successfully.

SBC Primary Certificate

...

Image Removed

There are two ways to import SBC Primary Certificate as described below:

To import an X.509 signed certificate:

  1. Select X.509 Signed Certificate from the Import menu at the top of the page.
  2. Choose the import mode (Copy and Paste or File Upload) from the Mode pull-down menu.
  3. If you choose File Upload, use the Browse button to find the file and click OK.
  4. If you choose Copy and Paste, open the file in a text editor, paste the contents into the Paste Base64 Certificate text field and click OK.

To import a PKCS12 Certificate and Key:

  1. Select PKCS12 Certificate and Key from the Import menu at the top of the page.
  2. Enter the password used to export the certificate in the Password field.
  3. Browse for the PKCS certificate and key file and click OK.

Image Removed

Trusted CA Certificates

A Trusted CA Certificate is a certificate issued by a Trusted Certificate Authority. Trusted CA Certificates are imported to the SBC Edge to establish its authenticity on the network.

  • For TLS to work, a Trusted CA (Certificate Authority) is required. For this interop, GoDaddy is used as Trusted CA.
  • Add an entry in the Public DNS to resolve Ribbon SBC Edge FQDN to Public IP Address.
  • Obtain Trusted Root certificate from your certification authority.
  • In the trust store of the SBC, ensure you have the following certificates as part of the root certificate trust:
    • Cisco Control HUB Root R1

    • GlobalSign Root CA (if required)

...

titleNote

...

From the Settings tab, navigate to Security > SBC Certificates > Trusted CA Certificates.

Image Removed

This section describes the process of importing Trusted Root CA Certificates using either the File Upload or Copy and Paste method.

SBC Primary Certificate and upload the SBC certificate received from Certificate Authority.

Image Added

There are two ways to import SBC Primary Certificate as described below:

To import an X.509 signed certificate:

  1. Select X.509 Signed Certificate from the Import menu at the top of the page.
  2. Choose the import mode (Copy and Paste or File Upload) from the Mode pull-down menu
  3. To import a Trusted CA Certificate, click the Import Trusted CA Certificate (Image Removed) Icon.
  4. Select File upload or copy paste for the menu listed.
  5. If you choose File upload, browse the certificate and Click OK.

Image Removed

...

titleNote

...

  1. Upload, use the Browse button to find the file and click OK.
  2. If you choose Copy and Paste, open the file in a text editor, paste the contents into the Paste Base64 Certificate text field and click OK.

To import a PKCS12 Certificate and Key:

  1. Select PKCS12 Certificate and Key from the Import menu at the top of the page.
  2. Enter the password used to export the certificate in the Password field.
  3. Browse for the PKCS certificate and key file and click OK.

Image Added

Networking Interfaces

The SBC Edge supports five system created logical interfaces known as Administrative IP, Ethernet 1 IP, Ethernet 2 IP, Ethernet 3 IP, and Ethernet 4 IP. In addition to the system-created logical interfaces, the Ribbon SBC Edge supports user-created VLAN logical sub-interfaces.

...

For SBC 1K/2K, refer to the snapshot below.

Info

Add an entry in the Public DNS to resolve Ribbon SBC's FQDN to Public IP Address.

TLS Profile

The TLS profile defines the crypto parameters for the SIP protocol.

...

After generating the certificate, import the Tenant2 certificate under Settings tab, navigate to Security > SBC Certificates > SBC Supplementary Certificate.

Upload the certificate in the SBC certificate (Refer to SBC Certificate).

Warning
Info
titleInfoAlert

The SAN/CN name for the TLS establishment with Webex is CASE SENSITIVE on the Cisco Webex side.

...

From the Settings tab, navigate to Security > SBC Certificates > Generate SBC Edge Certificates.

  1. Provide the Tenant1's FQDN in the "Common Name" and Tenant2's FQDN in the "Subject Alternative Name AlternativeDNS".
  2. Set the Key Length to 2048 bits.
  3. Provide the location information.
  4. Click OK.
  5. The CSR will be generated and displayed in the result text box.

...

After generating the CSR on Ribbon SBC, provide it to the Certificate Authority and get the SBC certificate.Certificate.

From the Settings tab, navigate to Security > SBC Certificates > SBC Primary Certificate and upload the SBC Certificate received from Certificate AuthorityUpload the certificate in the SBC certificate (Refer SBC Certificate).

TLS Profile

From the Settings tab, navigate to Security > TLS Profiles. Click the  icon to create a new TLS profile.

...