The BMC web application is available via TLS-secured (https) access either directly through port 443 or indirectly through port 80 to 443. ACL rules are not applicable to prevent unsecured (http) access. A sample X.509 certificate which is a copy of the BMC, and EMA certificates are shipped along with the SBC shipment. The size of this certificate is 2,048 bits.
The BMC uses the common local certificate store of the SBC (used also for SIP/TLS) rather than having its own separate certificate store. Certificate with RSA keys up to 4,096 bits are supported. However, Sonus recommends using 2,048 bit certificates.
Enter the following URL in the browser to access the SBC BMC GUI:
https://<BMC_IP_Address>
where BMC IP address is the IP address of the BMC GUI.
The BMC also provides the interface which uploads the self-signed certificate to replace the sample X.509 certificates.
The SBC supports a maximum of 4,096 TLS certificates/CAs (both local and remote).
The SBC allows importing of a single certificate in a single file only. If a CA provides a .p12 or a .pfx certificate bundle with multiple CA certificates in it, extract the certificates from the bundle, store them in separate files, and import them separately.
Use the following procedure to upload self signed certificates using BMC:
Log on to the
<username>
<default password>
Click Configuration > SSL. The SSL Certification Configuration screen is displayed.
Click Browse from the Upload SSL tab, and then from the Open dialog, browse to and select the BMC certificate.
Click Upload to upload the new BMC certificate and the Privacy Key (if any).
Follow steps 4 through 6 to upload the Default Privacy Key. A pop up message appears stating that the HTTPs Service need to restart and seeking your permission to proceed.