Configuring the Certificate Record

The certificate record configuration represents either the end-entity certificate or the CA certificate on the Oracle Communications Session Border Controller (OCSBC). When you use the certificate record for an end-entity certificate, associate a private key with the certificate record configuration by using the ACLI generate-certificate-request command. You can import a requested certificate provided by a CA into a certificate record configuration using the ACLI import-certificate command.

Do not associate a private key with a certificate record configuration that was created to hold a CA certificate.

Note:

You do not need to create a certificate record when importing a CA certificate or certificate in PKCS #12 format.
  1. Access the certificate-record configuration element.
    ORACLE# configure terminal
    ORACLE(configure)# security
    ORACLE(security)# certificate-record
    ORACLE(certificate-record)# 
  2. For the Certificate Record configuration, do the following:
    • Name—(Required) Enter the name of this certificate record.
    • Country—Enter the country name abbreviation. For example, CA for Canada. Range: 2 characters.
    • State—Enter the region abbreviation. For example, QC for Quebec. Range: 2 characters.
    • Locality—Enter the name of the locality in the region. For example, Quebec City. Range: 1-128 characters.
    • Organization—Enter the name of the organization. For example, Office of Information Technology. Range: 1-64 characters.
    • Unit—Enter the name of the unit in the organization. For example, Global Network Security. Range: 1-64 characters.
    • Common name—Enter the common name for the certificate record. For example, your name. Range: 1-64 characters.
    • Key algor—Set a key algorithm. Valid algorithms: rsa | ecdsa.
    • Digest algor—Set a digest algorithm. Valid values: sha1 | sha256 | sha384.
    • Key size—For the RSA key algorithm, set the RSA key size. Valid key size: 512 | 1024 | 2048 | 4096.
    • ECDSA key size—For the ECDSA key algorithm, set the ECDSA key size. Valid key size: p256 | p384.
    • Alternate name—(Optional) Enter one or more alternative names for the certificate holder.
    • Trusted—Do one of the following:
      • Select to make the certificate trusted. (Default)
      • Deselect to make the certificate un-trusted.
    • Key usage list—Set the key usage extensions you want to use with this certificate record. Multiple values allowed. Default: The combination of digitalSignature and keyEncipherment. For a list of possible values and their descriptions, see “Key Usage List.”
    • Extended key usage list—Set the extended key usage extensions you want to use with this certificate record. Default: serverAuth. For a list of possible values and their descriptions, see “Extended Key Usage List.”
    • Options—Set any optional features or parameters that you want.
  3. Type done to save your configuration.
  • Create TLS profiles, using your certificate records, to further define the encryption behavior and create the configuration element that you can apply to a SIP interface.
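
The following pre-flight check is an added example, not Oracle code or ACLI syntax. It validates a planned certificate record against the ranges and value lists in step 2 and warns about values the list accepts but that are weak choices for a new certificate (sha1, RSA 512 and 1024). The dictionary keys and the sample record are assumptions made for this example.

```python
# Added example. Dict keys are assumed names for the fields listed above,
# not ACLI parameter syntax.
VALID = {
    "key_algor": {"rsa", "ecdsa"},
    "digest_algor": {"sha1", "sha256", "sha384"},
    "key_size": {"512", "1024", "2048", "4096"},
    "ecdsa_key_size": {"p256", "p384"},
}
# Character ranges documented in step 2: field -> (min, max).
LENGTHS = {
    "country": (2, 2), "state": (2, 2), "locality": (1, 128),
    "organization": (1, 64), "unit": (1, 64), "common_name": (1, 64),
}
# Values the step 2 lists accept but that general guidance (for example
# NIST SP 800-131A) no longer allows for new signatures and keys.
WEAK = {"digest_algor": {"sha1"}, "key_size": {"512", "1024"}}


def review_record(rec):
    """Return (errors, warnings) for one planned certificate record."""
    errors, warnings = [], []
    if not rec.get("name"):
        errors.append("name: required")
    for field, (lo, hi) in LENGTHS.items():
        value = rec.get(field)
        if value is not None and not lo <= len(value) <= hi:
            errors.append(f"{field}: {len(value)} chars, allowed {lo}-{hi}")
    for field, allowed in VALID.items():
        value = rec.get(field)
        if value is not None and value not in allowed:
            errors.append(f"{field}: {value!r} not in {sorted(allowed)}")
    algor = rec.get("key_algor")
    # key_size applies to rsa, ecdsa_key_size to ecdsa.
    if algor == "ecdsa" and "ecdsa_key_size" not in rec:
        warnings.append("ecdsa_key_size: not set for an ecdsa record")
    if algor == "rsa" and rec.get("key_size") in WEAK["key_size"]:
        warnings.append(f"key_size: RSA {rec['key_size']} is too small")
    if rec.get("digest_algor") in WEAK["digest_algor"]:
        warnings.append("digest_algor: sha1 is deprecated for signatures")
    return errors, warnings


# Constructed sample input, not taken from a real configuration.
SAMPLE = {"name": "sbc-edge", "country": "CA", "state": "Quebec",
          "common_name": "sbc.example.com", "key_algor": "rsa",
          "key_size": "1024", "digest_algor": "sha1"}

if __name__ == "__main__":
    errs, warns = review_record(SAMPLE)
    print("errors:", errs)
    print("warnings:", warns)
```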