VCR 2210

Configuring SSL certificates

If the IP VCR has the Secure management (HTTPS) or Encryption feature key installed, and you enable Secure web on the Network > Services page (see Configuring IP services), you can access the web interface of the IP VCR using HTTPS. The IP VCR has a local certificate and private key pre-installed, and these are used by default when you access the unit using HTTPS. However, we recommend that you upload your own certificate and private key to ensure security, because all IP VCRs have identical default certificates and keys.

To upload your own certificate and key, go to Network > SSL certificates. Complete the fields using the table below for help and click Upload certificate and key. Note that you must upload a certificate and key simultaneously. After uploading a new certificate and key, you must restart the IP VCR.

If you have uploaded your own certificate and key, you can remove it later if necessary; to do this, click Delete custom certificate and key.
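A certificate and key can be checked on an administrator's workstation before upload, so that the Private key field reports 'Key matches certificate' after the restart. The shell functions below are an added example, not part of the IP VCR or its documentation; they assume PEM-format files and the OpenSSL command-line tool, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload check of a PEM certificate and private key.
# Usage: sh preflight.sh cert.pem key.pem [key-password]

# Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public key derived from the private key. The optional password ($2) is
# handed to openssl through the environment, not the command line.
key_pubkey() {
    KEYPASS="${2:-}" openssl pkey -in "$1" -pubout -passin env:KEYPASS 2>/dev/null
}

# 0 = key matches certificate, 1 = mismatch, 2 = unreadable or wrong password.
cert_key_match() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2" "${3:-}") || return 2
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# 0 if the certificate is still valid $2 days from now (default 30).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Print the details the SSL certificates page lists: Subject, Issuer,
# Issued, Expires, and whether the private key matches.
preflight() {
    openssl x509 -in "$1" -noout -subject -issuer -startdate -enddate || return 2
    rc=0
    cert_key_match "$@" || rc=$?
    case $rc in
        0) echo "Private key: key matches certificate" ;;
        1) echo "Private key: does NOT match certificate"; return 1 ;;
        *) echo "Private key: unreadable (wrong password or not PEM?)"; return 2 ;;
    esac
    cert_valid_for "$1" 30 || { echo "Warning: expires within 30 days"; return 3; }
}

# Run only when invoked with file arguments.
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

If the Issuer line printed by the script is identical to the Subject line, the certificate is self-issued, as described for the Issuer field in the table below.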

The table below details the fields you see on the Network > SSL certificates page.

Field Field description Usage tips
Local certificate
Subject

The details of the business to which the certificate has been issued:

  • C: the country where the business is registered
  • ST: the state or province where the business is located
  • L: the locality or city where the business is located
  • O: the legal name of the business
  • OU: the organizational unit or department
  • CN: the common name for the certificate, or the domain name
 
Issuer

The details of the issuer of the certificate.

Where the certificate has been self-issued, these details are the same as for the Subject.

Issued

The date on which the certificate was issued.

 
Expires

The date on which the certificate will expire.

 
Private key

Whether the private key matches the certificate.

Your web browser uses the SSL certificate's public key to encrypt the data that it sends back to the IP VCR. The private key is used by the IP VCR to decrypt that data. If the Private key field shows 'Key matches certificate' then the data is securely encrypted in both directions.

Local certificate configuration
Certificate

If your organization has bought a certificate, or you have your own way of generating certificates, you can upload it. Browse to find the certificate file.

 
Private key

Browse to find the private key file that accompanies your certificate.

 
Private key encryption password

If your private key is stored in an encrypted format, you must enter the password here so that you can upload the key to the IP VCR.

 
Trust store
Subject

The details of the business to which the trust store certificate has been issued:

  • C: the country where the business is registered
  • ST: the state or province where the business is located
  • L: the locality or city where the business is located
  • O: the legal name of the business
  • OU: the organizational unit or department
  • CN: the common name for the certificate, or the domain name

 

Issuer

The details of the issuer of the trust store certificate.

Where the certificate has been self-issued, these details are the same as for the Subject.

Issued

The date on which the trust store certificate was issued.

 
Expires

The date on which the trust store certificate will expire.

 
Certificate verification settings

Choose to what extent the IP VCR will verify the identity of the far end for a connection:

  • No verification: all outgoing connections are permitted to proceed, even if the far end does not present a valid and trusted certificate.
  • Outgoing connections only: outgoing connections are only permitted if the far end has a certificate which is trusted.
  • Outgoing connections and incoming calls: outgoing connections and incoming connections for SIP calls using TLS must have a certificate which is trusted otherwise the IP VCR will not allow the connection to proceed.

 

Outgoing connections are connections such as SIP calls which use TLS.

 
