TANDBERG D14049.04 Network Card User Manual


 
183
D14049.04
JULY 2008
Grey Headline (continued)
TANDBERG VIDEO COMMUNICATIONS SERVER
ADMINISTRATOR GUIDE
Introduction Getting Started
Overview and
Status
System
Conguration
VCS
Conguration
Zones and
Neighbors
Call
Processing
Bandwidth
Control
Firewall
Traversal
Appendices
Applications Maintenance
Security
For extra security, you may wish to have the
VCS communicate with other systems (e.g.
servers such as LDAP servers, neighbor VCSs,
or clients such as SIP endpoints) using TLS
encryption.
For this to work successfully in a connection
between a client and server:
the server must have a certicate installed
that veries its identity. This certicate
must be signed by a Certicate Authority
(CA).
the client must trust the CA that signed the
certicate used by the server.
The VCS allows you to install appropriate les
so that it can act as either a client or a server
in connections using TLS.
For an endpoint to VCS connection, the
VCS will be the TLS server. For a VCS
to LDAP server connection, the VCS will
be a client. For a VCS to VCS connection either
VCS may be the client with the other VCS being
the TLS server.
Select the le containing...
Allows you to upload a PEM le that identies
the list of Certicate Authorities trusted by
the VCS. The VCS will only accept certicates
signed by a CA on this list. If you are
connecting to an LDAP database using TLS
encryption, the certicate used by the LDAP
database must be signed by a CA on this list.
Upload CA certicate
Click here once you have selected the le to
upload it.
Select the server private key le
Allows you to upload a PEM le that identies
the private key used to encrypt the server
certicate used by the VCS. This private key
must not be password protected.
Select the server certicate le
Allows you to upload a PEM le that
contains the server certicate used for
HTTPS connections to the VCS from user
or administrator web browsers, and by SIP
endpoints or servers connecting to the VCS
over TLS.
Show server certicate
Shows you the currently uploaded PEM le containing the certicate used by the VCS to identify
itself to SIP and HTTPS clients when communicating over SSL/TLS.
Overview
To enable security using the web interface:
Maintenance > Security
.
You will be taken to the Security page.
Upload server certicate data
Click here once you have selected both the
private key and certicate les to upload them.
Enabling Security
Show CA certicate
Shows you the currently uploaded PEM le
that identies the list of Certicate Authorities
trusted by the VCS.
The les that enable secure
connections over TLS are installed via
the web interface. They cannot be
installed using the CLI.