Configuring the Certificate Record

The certificate record configuration represents either the end-entity certificate or the CA certificate on the Oracle® Enterprise Session Border Controller (E-SBC). When you use the certificate record for an end-entity certificate, associate a private key with the certificate record configuration by using the ACLI generate-certificate-request command. You can import a requested certificate provided by a CA into a certificate record configuration using the ACLI import-certificate command.

Do not associate a private key with the certificate record configuration, if it was issued to hold a CA certificate.

Note:

You do not need to create a certificate record when importing a CA certificate or certificate in PKCS #12 format.
  1. Access the certificate-record configuration element. 
    ORACLE# configure terminal
ORACLE(configure)# security
ORACLE(security)# certificate record
ORACLE(certificate-record)#
  2. For the Certificate Record configuration, do the following:
    Parameter Instructions
    Name Enter the name of this certificate record. Required.
    Country Enter the country name abbreviation. For example, CA for Canada. Range: 2 characters.
    State Enter the region abbreviation. For example, QC for Quebec. Range: 2 characters.
    Locality Enter the name of the locality in the region. For example, Quebec City. Range:1-128 characters.
    Organization Enter the name of the organization. For example, Office of Information Technology. 1-64 characters.
    Unit Enter the name of the unit in the organization. For example, Global Network Security. 1-64 characters.
    Common name Enter the common name for the certificate record. For example, your name. Range: 1-64 characters.
    Key algor Set a key algorithm. Valid algorithms: rsa | ecdsa.
    Digest algor Set a digest algorithm. Valid values: sha1 | sha256 | sha384.
    Key size For the RSA key algorithm, set the RSA key size. Valid key size: 512 | 1024 | 2048 | 4096.
    ECDSA key size For the ECDSA key algorithm, set the ECDSA key size. Valid key size: p256 | p384.
    Alternate name (Optional) Enter one or more alternative names for the certificate holder.
    Trusted Do one of the following:
    • Select to make the certificate trusted. (Default)
    • Deselect to make the certificate un-trusted.
    Key usage list Set key the usage extensions you want to use with this certificate record. Multiple values allowed. Default: The combination of digitalSignature and keyEncipherment. For a list of possible values and their descriptions, see “Key Usage List.”
    Extended key usage list Set the extended key usage extensions you want to use with this certificate record. Default: serverAuth. For a list of possible values and their descriptions, see “Extended Key Usage List.”
    Options Set any optional features or parameters that you want.
  3. Type done to save your configuration.
  • Create TLS profiles, using your certificate records, to further define the encryption behavior and create the configuration element that you can apply to a SIP interface.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents