Mitel Deutschland GmbH 68635RFP36U-01 User's Manual
Configuration and Administration
are actually evaluated. However, the files can be uploaded to the OMM with their full content.
There are two sets of certificates which can be set up in the OMM, which are described in the following
sections.
Trusted Certificates
The trusted certificates are used to verify the signatures of certificates sent by remote hosts. The
corresponding PEM file may contain multiple certificates. Their order is not relevant. Certificates are
searched in the trust store according to their subject name, the key identifier (if present), and the serial
number as taken from the certificate to be verified.
Local Certificates
The local certificate or local certificate chain is sent to remote hosts for authentication.
In the corresponding PEM file, the host certificate must be in the first position, followed by intermediate
certificates if applicable. The last certificate is the self-signed root certificate of the CA. The root
certificate may be omitted from the list, as the remote host must possess it anyway to verify the validity.
This means that if there are no intermediate certificates, this file may contain only one single certificate.
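A pre-upload check of the ordering rule above, as an added example that is not part of the Mitel manual: it decodes only the Base64 blocks between the BEGIN/END markers and compares issuer and subject names of neighbouring certificates. The function names, the host name `omm.example.test` and the structure-only sample certificates are assumptions constructed for illustration; names are compared byte-wise, which is a simplification.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """(label, DER bytes) per PEM block; text outside the markers is ignored."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True))
            for m in PEM_RE.finditer(text)]

def children(buf):
    """Split DER content into (tag, whole TLV, value) items."""
    out, pos = [], 0
    while pos < len(buf):
        start, tag, length = pos, buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long-form length: low 7 bits give the byte count
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        out.append((tag, buf[start:pos + length], buf[pos:pos + length]))
        pos += length
    return out

def issuer_subject(der):
    """Raw issuer and subject Name encodings of one X.509 certificate."""
    fields = children(children(children(der)[0][2])[0][2])  # tbsCertificate fields
    if fields[0][0] == 0xA0:  # skip the optional explicit version
        fields = fields[1:]
    return fields[2][1], fields[4][1]

def check_local_chain(pem_text):
    """Problems with the order host -> intermediates -> optional root; [] if none."""
    certs = [issuer_subject(d) for label, d in pem_blocks(pem_text) if label == "CERTIFICATE"]
    problems = [] if certs else ["no CERTIFICATE block found"]
    for i, (issuer, subject) in enumerate(certs[:-1]):
        if issuer == subject:  # issuer equals subject, so it can only be the root
            problems.append(f"certificate {i + 1} is self-signed but not last")
        if issuer != certs[i + 1][1]:  # byte-wise name comparison (simplification)
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    return problems

# Constructed sample: structure-only stand-ins (no keys or signatures), short lengths only.
def tlv(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body
def fake_cert(issuer, subject):
    name = lambda cn: tlv(0x30, tlv(0x0C, cn.encode()))
    tbs = tlv(0x30, tlv(0x02, b"\x01"), tlv(0x30), name(issuer), tlv(0x30), name(subject))
    return f"-----BEGIN CERTIFICATE-----\n{base64.b64encode(tlv(0x30, tbs)).decode()}\n-----END CERTIFICATE-----\n"
HOST = fake_cert("Intermediate CA", "omm.example.test")
INTERMEDIATE, ROOT = fake_cert("Root CA", "Intermediate CA"), fake_cert("Root CA", "Root CA")
```

An empty list from `check_local_chain` means the order is acceptable; it does not verify signatures or that the private key matches the host certificate.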
7.31.2 PRIVATE KEY
The Private Key is also contained in a PEM file. The Local Certificate must match the Private Key.
Although PEM files may contain a textual description of the key, only the Base64-encoded portion
between
-----BEGIN RSA PRIVATE KEY-----
and
-----END RSA PRIVATE KEY-----
is actually evaluated. However, the file can be uploaded to the OMM with its full content.
7.31.3 TLS TRANSPORT MODE
The OMM distinguishes between two TLS transport modes: TLS and Persistent TLS.
When the OMM is configured to use TLS (Transport protocol: TLS), TLS connections to remote peers,
e.g. SIP proxies and registrars, are established as needed. For TLS connections initiated by the OMM, it
is a TLS client. If a remote peer sets up a TLS connection, the OMM is the TLS server. Connections are
closed when they have not been in use for a certain time. The terms server and client refer to TLS
connections below, not to SIP transactions.
The OMM always verifies the server certificate when it sets up an outgoing connection and it verifies the
client certificate on incoming connections. Therefore, the following configuration parameters must be set for
this mode: Trusted Certificates, Local Certificate and Private Key.
When the OMM is configured to use Persistent TLS (Transport protocol: Persistent TLS), it sets up TLS
connections to SIP Servers and keeps them connected. When a connection is closed for whatever
reason, the OMM tries to re-establish it immediately. It does not accept incoming connections from
remote ends. Thus the OMM is always the TLS client when Persistent TLS is in use.
The advantage of Persistent TLS is a faster call setup time and lower processing power needed on both
sides.