Endpoint Authentication
The Oracle® Enterprise Session Border Controller does not operate as a CA. Instead, the Oracle® Enterprise Session Border Controller's TLS implementation assumes that you are using one of the standard CAs for generating certificates:
- Verisign
- Entrust
- Thawte
- free Linux-based CA (for example, openssl)
Note:
Self-signed certificates are available only as an option for MSRP connections.
The Oracle® Enterprise Session Border Controller can generate a certificate request in PKCS10 format and export it. It can also import CA certificates and an Oracle® Enterprise Session Border Controller certificate in the PKCS7/X509 PEM format.
The Oracle® Enterprise Session Border Controller generates the key pair for the certificate request internally. The private key is stored as part of the configuration in 3DES-encrypted form (with an internally generated password), and the public key is returned to the user, along with other information, as part of the PKCS10 certificate request.
The Oracle® Enterprise Session Border Controller supports importing CA certificates and marking them as trusted. It authenticates only client certificates that are issued by CAs on its trusted list. If you install only a specific vendor's CA certificate on the Oracle® Enterprise Session Border Controller, it authenticates that vendor's endpoints. Whether the certificate is an individual device certificate or a site-to-site certificate does not matter, because the Oracle® Enterprise Session Border Controller authenticates the signature/public key of the certificate.
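The trusted-list behavior described above can be reproduced off-box with openssl. This is an added example, not Oracle's commands or configuration syntax; the CA names (vendorA-ca, vendorB-ca) and endpoint names (deviceA, deviceB) are constructed for illustration.

```shell
# Added example: emulates a trusted-CA list with openssl. All names are constructed.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT   # test keys are unencrypted (-nodes); remove them on exit

# Create a self-signed CA certificate (stands in for one vendor's CA).
make_ca() {  # $1 = CA name
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Generate a key pair plus PKCS#10 request for an endpoint, then have the CA sign it.
issue_cert() {  # $1 = CA name, $2 = endpoint name
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# Accept an endpoint certificate only if its signature chains to a CA in the
# trusted bundle. The constructed CAs are not in any system trust store.
check_endpoint() {  # $1 = trusted CA bundle (PEM), $2 = endpoint name
    if openssl verify -CAfile "$1" "$WORK/$2.pem" >/dev/null 2>&1; then
        echo accepted
    else
        echo rejected
    fi
}

make_ca vendorA-ca
make_ca vendorB-ca
issue_cert vendorA-ca deviceA
issue_cert vendorB-ca deviceB

# Trusted list holds only vendor A's CA, so only vendor A's endpoints pass.
TRUSTED="$WORK/vendorA-ca.pem"
echo "deviceA: $(check_endpoint "$TRUSTED" deviceA)"
echo "deviceB: $(check_endpoint "$TRUSTED" deviceB)"
```

Concatenating a second CA's PEM certificate into the bundle is the openssl equivalent of importing that CA and marking it trusted; endpoints issued by it then verify as well.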