Connecting Oracle Communications Session Border Controllers to Mediation Engines

Connections from Oracle Communications Session Border Controllers to the Mediation Engine machines are encrypted. These encrypted (secure) connections use TLS on port 4740. The secure connections between the Mediation Engines and the session border controllers are established using SSL Certificates.

For a stand-alone system, you can register the certificates in Platform Setup Application on the Server Certificate page by downloading the Session Monitor certificate to the session border controller and uploading the session border controller certificate to the Session Monitor machine on the Trusted Certificate page.

If you manage certificates within a Public Key Infrastructure (PKI), you can download the Session Monitor certificates and have them signed by your Certificate Authority (CA). When you have the trusted CA certificate, upload the CA certificate to each Session Monitor machine.

Registering Certificates on the Session Border Controller

To register the certificates on the Oracle Communications Session Border Controller, go to the My Oracle Support Web site and follow the instructions in the Oracle Note at https://support.oracle.com/epmos/faces/DocContentDisplay?id=1679579.1 to do the following:

  • Configure the connection to Session Monitor

  • Create a certificate for the session border controller.

  • Register the certificate of Session Monitor, which can be downloaded from Platform Setup Application on the Server Certificate page. Alternatively, you can register the CA used to sign it.

  • Enable TLS

Registering Certificates in Platform Setup Application

To register the certificates in Platform Setup Application, on the Trusted Certificate page in the Upload a trusted certificate section, upload the certificates of the session border controllers. The certificates will then appear under List of trusted certificates section (see Figure 1-3).

Alternatively, you can upload the CA that is used to sign session border controller's certificates. The certificate format is X.509 / PEM (X.509 extensions are not supported). Only the validity of the signatures are verified.

Unencrypted connections are not allowed by default, unless the system has been upgraded from an earlier release that did not support encrypted connections.

To use unencrypted connections (for example, in a testing environment), select Accept unsecure connections from SBCs; then disable the TLS option in the session border controller. The unencrypted connections use port 4739.

Using unencrypted connections are not recommended in production environments.

Figure 1-3 Trusted Certificate Page

The figure is a screen capture of the Trusted Certificate page.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents