Dialogic 4000 Series User Manual, Page 62

Dialogic® 4000 Media Gateway Series Reference Guide, Page 62
SRTP can be set for each SIP peer in the Security configuration, as described on page 39. The cipher level can
be set in the Global Security Parameters, as described on page 46.
Certificates
For authentication and data encryption, certificates need to be installed on the computer on which Diva SIPcontrol
is installed and on the remote computers. When a secure domain is opened, server and client authenticate each
other with a so-called "SSL handshake". With this handshake, the identity of a user is certified and it is ensured
that the user can be trusted. All necessary certificates should be provided by a Certificate Authority (CA), and
they are issued for one domain name. For test purposes or internal usage, you can also create and sign your
own self-signed certificate, e.g., with one of the many tools available on the internet. Search for "self-signed
certificate" and you will find a list of possible tools. Be aware, however, that self-signed certificates do not
provide the same security as CA-signed certificates. Also, many web browsers check whether the certificate is signed
by a CA, and, if it is not, a warning message appears asking whether the user really wants to trust that
website, which can make the user feel insecure.
Certificate files can be generated in different formats, e.g., .pem, .der, .cer, or .pfx. All files need to be in PEM
format (base64 encoded) in order to be used by Diva SIPcontrol.
A default certificate is provided with the software, but for security reasons, you should install your own web
server certificate.
Note for CER files: CER files can be renamed to .pem directly if they are base64 encoded. No bag attribute
lines, additional carriage returns, or empty lines are allowed. If CER files are ASN.1 coded, they need to be converted
to PEM with a converter tool.
Note for PFX files: The PFX or PKCS#12 format is a binary format for storing the server certificate, any
intermediate certificates, and the private key in one file, which can be encrypted. When converting a PFX file to PEM format,
tools like OpenSSL put all the certificates and the private key into a single file. You need to open the file
in a text editor, copy each certificate and the private key (including the BEGIN/END lines) to its own
text file, and save them as certificate.cer, CACert.cer, and privateKey.key respectively.
How to Retrieve Keys and Certificates from a PFX File for Use in Diva SIPcontrol
In the following procedure, openssl is used as an example converter tool.
1. Export the private key file from the PFX file:
openssl pkcs12 -in filename.pfx -nocerts -out protected-key.pem
2. Remove the passphrase from the private key as required by Diva SIPcontrol:
openssl rsa -in protected-key.pem -out key.pem
3. Export the certificate file from the PFX file:
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.cer
4. Export the Root CA certificate file from the PFX file:
openssl pkcs12 -in filename.pfx -cacerts -nokeys -out cacert.cer
Using Certificates with Microsoft® Office Communications Server 2007
Microsoft® Office Communications Server 2007 requires that:
Server certificates contain one or more CRL (Certificate Revocation List) distribution points.
CRL distribution points are locations from which CRLs can be downloaded to verify that the certificate has not
been revoked since the time it was issued. The CRL distribution point is an extension within the digital
certificate that can be used if the CA (certification authority) in your PKI (Public Key Infrastructure) has a
CRL distribution point.
Server certificates support EKU (Enhanced Key Usage).
EKUs are needed for server authentication and ensure that the certificate is valid only for the purpose of
authenticating servers. This EKU is essential for MTLS (Mutual TLS).
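The four-step PFX extraction above and the OCS 2007 certificate requirements, combined into one added script (not Dialogic's own tooling): it runs the openssl commands from the procedure, strips the bag attribute and blank lines that the CER note forbids, splits the CA output into one file per certificate, confirms that the key is unprotected and belongs to the certificate, and reports whether the certificate carries a CRL distribution point and the serverAuth EKU. The script name pfx2sipcontrol.sh, the CACert-N.pem naming, and an openssl binary on PATH are assumptions.

```shell
#!/bin/sh
# Turn a PFX export into the separate PEM files Diva SIPcontrol expects and
# check the results. Assumed: openssl on PATH; file names follow the manual.
set -eu

clean_pem() {
    # Keep only the lines from "-----BEGIN" to "-----END" inclusive, dropping
    # the Bag Attributes, subject/issuer and blank lines "openssl pkcs12" adds
    # around each block (SIPcontrol does not accept them).
    awk '/^-----BEGIN /{keep=1} keep{print} /^-----END /{keep=0}' "$1"
}

split_pem() {
    # Write each block of $1 to its own file $2-1.pem, $2-2.pem, ... (the
    # -cacerts output may contain several intermediate certificates).
    clean_pem "$1" | awk -v p="$2" '/^-----BEGIN /{n++} {print > (p "-" n ".pem")}'
}

key_is_unencrypted() {
    # SIPcontrol needs the passphrase removed; an encrypted PEM key carries
    # the word ENCRYPTED in its BEGIN line or in a Proc-Type header.
    ! grep -q ENCRYPTED "$1"
}

key_matches_cert() {
    # The public key inside the certificate must equal the private key's.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

check_ocs_requirements() {
    # OCS 2007: a CRL distribution point and the serverAuth EKU must be present.
    txt=$(openssl x509 -in "$1" -noout -text)
    echo "$txt" | grep -q 'CRL Distribution Points' || { echo "no CRL distribution point: $1"; return 1; }
    echo "$txt" | grep -q 'TLS Web Server Authentication' || { echo "no serverAuth EKU: $1"; return 1; }
}

if [ $# -ge 1 ]; then                  # usage: sh pfx2sipcontrol.sh filename.pfx
    openssl pkcs12 -in "$1" -nocerts -out protected-key.pem
    openssl rsa -in protected-key.pem -out key.pem
    openssl pkcs12 -in "$1" -clcerts -nokeys -out cert.cer
    openssl pkcs12 -in "$1" -cacerts -nokeys -out cacert.cer
    clean_pem key.pem > privateKey.key
    clean_pem cert.cer > certificate.cer
    split_pem cacert.cer CACert        # CACert-1.pem, CACert-2.pem, ...
    key_is_unencrypted privateKey.key
    key_matches_cert certificate.cer privateKey.key
    check_ocs_requirements certificate.cer
fi
```

Run it once per PFX file; any failed check stops the script with a non-zero exit status before a bad file reaches SIPcontrol.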