Endpoint Authentication

The Oracle Communications Session Border Controller does not operate as a CA. Instead, the Oracle Communications Session Border Controller's TLS implementation assumes that you are using one of the standard CAs for generating certificates:

  • Verisign
  • Entrust
  • Thawte
  • free Linux-based CA (for example, openssl)

Note:

Self-signed certificates are available only as an option for MSRP connections.

The Oracle Communications Session Border Controller can generate a certificate request in PKCS10 format and export it. It can also import CA certificates and an Oracle Communications Session Border Controller certificate in the PKCS7/X509 PEM format.

The Oracle Communications Session Border Controller generates the key pair for the certificate request internally. The private key is stored as a part of the configuration in 3DES encrypted form (with an internally generated password), and the public key is returned to the user along with other information as a part of the PKCS10 certificate request.

The Oracle Communications Session Border Controller supports the option of importing CA certificates and marking them as trusted. However, the Oracle Communications Session Border Controller only authenticates client certificates that are issued by the CAs belonging to its trusted list. If you install only a specific vendor's CA certificate on the Oracle Communications Session Border Controller, it authenticates that vendor's endpoints. Whether the certificate is an individual device certificate or a site-to-site certificate does not matter because the Oracle Communications Session Border Controller authenticates the signature/public key of the certificate.
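
The trusted-list behavior described above can be reproduced offline with the openssl command-line tool. This is an added example, not Oracle's code and not Session Border Controller commands; the names vendor-a, vendor-b, device-a, site-a and device-b are constructed for illustration.

```shell
#!/bin/sh
# Added example: the trusted-CA-list decision, reproduced with the openssl CLI.
# All CA and endpoint names below are constructed for illustration.
set -e
WORK=$(mktemp -d)   # scratch directory; remove it when finished

# Create a self-signed CA: $WORK/<name>.pem (certificate) and <name>.key
make_ca() {   # make_ca <ca-name>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Example/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Generate an endpoint key pair and PKCS10 request, then have the CA sign it.
issue_cert() {   # issue_cert <ca-name> <endpoint-name>
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 30 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/$2.pem" 2>/dev/null
}

# Succeeds only if the certificate was signed by a CA in the trusted list.
is_trusted() {   # is_trusted <trusted-list.pem> <cert.pem>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca vendor-a
make_ca vendor-b
issue_cert vendor-a device-a   # individual device certificate
issue_cert vendor-a site-a     # site-to-site certificate, same issuer
issue_cert vendor-b device-b   # endpoint of a vendor whose CA is not installed

# The trusted list holds only vendor A's CA certificate.
cp "$WORK/vendor-a.pem" "$WORK/trusted.pem"

for c in device-a site-a device-b; do
    if is_trusted "$WORK/trusted.pem" "$WORK/$c.pem"; then
        echo "$c: accepted"
    else
        echo "$c: rejected"
    fi
done
```

Both certificates issued by vendor A are accepted regardless of their role, and the vendor B certificate is rejected until vendor B's CA certificate is also added to the trusted list.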