V6100 and V7122 User Guide
341
To install a client certificate follow the next 6 steps:
1
Before continuing, set HTTPSOnly = 0 to ensure you have a method of accessing the
device in case the client certificate doesn’t work. Restore the previous setting after
testing the configuration.
2
Open the ‘Certificates’ screen (
Advanced Configuration
menu >
Security Settings
submenu >
Certificates
option); the ‘Certificates’ screen is displayed (
Figure 118
).
3
To load the Trusted Root Certificate file locate the trusted root certificate loading section.
4
Click
Browse
and navigate to the file, click
Send File
.
5
When the operation is completed, set the
ini
file parameter,
HTTPSRequireClientCertificates = 1.
6
Save the configuration (Section
Save Configuration
) and restart the V7122.
When a user connects to the secure Web server:
If the user has a client certificate from a CA listed in the Trusted Root Certificate file, the
connection is accepted and the user is prompted for the system password.
If both the CA certificate and the client certificate appear in the Trusted Root Certificate
file, the user is not prompted for a password (thus providing a single-sign-on experience -
the authentication is performed using the X.509 digital signature).
If the user doesn’t have a client certificate from a listed CA, or doesn’t have a client
certificate at all, the connection is rejected.
The process of installing a client certificate on your PC is beyond the scope of this
document. For more information, see your Web browser or operating system
documentation, and/or consult your security administrator.
The root certificate can also be loaded via
ini
file using the parameter
‘HTTPSRootFileName’.
SRTP
The gateway supports Secured RTP (SRTP) according to RFC 3711. SRTP is used to
encrypt RTP and RTCP transport since it is best-suited for protecting VoIP traffic.
SRTP requires a Key Exchange mechanism that is performed according to <draft-ietf-
mmusic-sdescriptions-12>. The Key Exchange is executed by adding a ‘Crypto’ attribute to
the SDP. This attribute is used (by both sides) to declare the various supported cipher suites
and to attach the encryption key to use. If negotiation of the encryption data is successful,
the call is established.
Use the parameter MediaSecurityBehaviour (described in
Security Parameters
) to select the
gateway’s mode of operation: Must or Prefer. These modes determine the behavior of the
gateway if negotiation of the cipher suite fails.
Summary of Contents for V6100
Page 28: ...28 V6100 and V7122 User Guide Reader s Notes...
Page 48: ...48 V6100 and V7122 User Guide Reader s Notes...
Page 72: ...72 V6100 and V7122 User Guide Reader s Notes...
Page 80: ...80 V6100 and V7122 User Guide Reader s Notes...
Page 152: ...152 V6100 and V7122 User Guide Reader s Notes...
Page 262: ...262 V6100 and V7122 User Guide Reader s Notes...
Page 284: ...284 V6100 and V7122 User Guide Reader s Notes...
Page 291: ...V6100 and V7122 User Guide 291 Figure 95 V7122 Startup Process...
Page 324: ...324 V6100 and V7122 User Guide Reader s Notes...
Page 354: ...354 V6100 and V7122 User Guide Reader s Notes...
Page 374: ...374 V6100 and V7122 User Guide Reader s Notes...
Page 382: ...382 V6100 and V7122 User Guide Figure 130 Example of a User Information File Reader s Notes...
Page 392: ...392 V6100 and V7122 User Guide Reader s Notes...
Page 409: ...V6100 and V7122 User Guide 409 Reader s Notes...
Page 413: ...V6100 and V7122 User Guide 413 Reader s Notes...
Page 425: ...V6100 and V7122 User Guide 425 Figure 145 UDP2File Utility Reader s Notes...
Page 431: ...V6100 and V7122 User Guide 431 Reader s Notes...
Page 447: ...V6100 and V7122 User Guide 447 Reader s Notes...
Page 483: ...V6100 and V7122 User Guide 483 Reader s Notes...