Configuring a TLS Profile
To configure a TLS profile:
-
In Superuser mode, type
configure terminal and press Enter.
ACMEPACKET# configure terminal
-
Type
security and press Enter to access the
security-related objects.
ACMEPACKET(configure)# security
-
Type
tls-profile and press Enter to access the TLS
profile-related parameters.
ACMEPACKET(security)# tls-profile ACMEPACKET(tls-profile)#
name—Enter the name of the TLS profile. This parameter is required; you cannot leave it empty.
ACMEPACKET(tls-profile)# name tls-prof1
end-entity-certificate—Enter the name of the entity certification record.
ACMEPACKET(tls-profile)# end-entity-certificate cert1
trusted-ca-certificates—Enter the names of the trusted CA certificate records.
ACMEPACKET(tls-profile)# trusted-ca-certificates cert1
Note:
To create and import certificate records to be used on the Web Server, see Configuring Certificates.cipher-list—Not supported for SIP Monitor and Trace. The Session Director ignores any value you enter for this parameter.
-
AES256-SHA (TLS_RSA_WITH_AES_256_CBC_SHA) - Firefox (version 12) and Chrome (version 19.0.1084.46m) only
-
AES128-SHA (TLS_RSA_WITH_AES_128_CBC_SHA) - Firefox (version 12) and Chrome (version 19.0.1084.46m) only
-
DES-CBC-SHA (SSL_RSA_WITH_DES_CBC_SHA or TLS_RSA_WITH_DES_CBC_SHA) - Internet Explorer (Version 9) only
verify-depth—Not supported for SIP Monitor and Trace
mutual-authenticate—Not supported for SIP Monitor and Trace
tls-version—Enter the TLS version you want to use with this TLS profile. Default is compatibility. Valid values are:
-
TLSv1
-
SSLv3
-
compatibility (default)
ACMEPACKET(tls-profile)# tls-version TLSv1
cert-status-check—Not supported for SIP Monitor and Trace
cert-status-profile-list—Not supported for SIP Monitor and Trace
ignore-dead-responder—Not supported for SIP Monitor and Trace
allow-self-signed-cert—Not supported for SIP Monitor and Trace
-
-
Enter done to save the tls-profile
configuration.
ACMEPACKET(tls-profile)# done
-
Enter
exit to exit the TLS profile configuration.
ACMEPACKET(tls-profile)# exit
-
Enter
exit to exit the security configuration.
ACMEPACKET(security)# exit ACMEPACKET(configure)#
-
Enter exit to exit the configure mode.
ACMEPACKET(configure)# exit
-
Enter save-config to save the
configuration.
ACMEPACKET# save-config
-
Enter activate-config to activate as the
current configuration.
ACMEPACKET# activate-config