D 14046.01
07.2007
126
TANDBERG VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Text goes here
Introduction
Getting
Started
System
Overview
System
Configuration
H.323 & SIP
Configuration
Registration
Control
Zones and
Neighbors
Call
Processing
Firewall
Traversal
Bandwidth
Control
Maintenance
Appendices
TANDBERG VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Maintenance
About Security
For extra security, you may wish to have the
VCS communicate with other systems (e.g.
servers such as LDAP servers or clients such
as SIP endpoints) using TLS encryption.
For this to work successfully in a connection
between a client and server:
the server must have a certificate installed
that verifies its identity. This certificate
must be signed by a Certificate Authority
(CA).
the client must trust the CA that signed the
certificate used by the server.
The VCS allows you to install appropriate files
so that it can act as either a client or a server
in connections using TLS.
•
•
Select the file containing trusted CA...
Allows you to upload a PEM file that identifies
the list of Certificate Authorities trusted by
the VCS. The VCS will only accept certificates
signed by a CA on this list. If you are
connecting to an LDAP database using TLS
encryption, the certificate used by the LDAP
database must be signed by a CA on this list.
Upload CA certificate
Click here once you have selected the file to
upload it.
Select the server private key file
Allows you to upload a PEM file that identifies
the private key used to encrypt the server
certificate used by the VCS. This private key
must not be password protected.
Select the server certificate file
Allows you to uploads PEM file that
contains the server certificate used for
HTTPS connections to the VCS from user
or administrator web browsers, and by SIP
endpoints or servers connecting to the VCS
over TLS.
Download server certificate
Provides you with the PEM file containing the
certificate used by the VCS to identify itself to
SIP and HTTPS clients when communicating
over SSL/TLS.
Maintenance
Security
Enabling Security
The files that enable secure connections over
TLS are installed via the web interface. They
cannot be installed using the CLI.
To enable security using the web interface:
Maintenance > Security.
You will be taken to the Security page.
•
Upload server certificate data
Click here once you have selected the files to
upload them.