Endpoint Authentication
The Oracle Communications Core Session Manager does not operate as a CA. Instead, the Oracle Communications Core Session Manager’s TLS implementation assumes that you are using one of the standard CAs for generating certificates:
- Verisign
- Entrust
- Thawte
- free Linux-based CA (for example, openssl)
The Oracle Communications Core Session Manager can generate a certificate request in PKCS10 format and export it. It can also import CA certificates and an Oracle Communications Core Session Manager certificate in the PKCS7/X509 PEM format.
The Oracle Communications Core Session Manager generates the key pair for the certificate request internally. The private key is stored as part of the configuration in 3DES-encrypted form (with an internally generated password), and the public key is returned to the user along with other information as part of the PKCS10 certificate request.
The Oracle Communications Core Session Manager supports the option of importing CA certificates and marking them as trusted. However, the Oracle Communications Core Session Manager only authenticates client certificates that are issued by the CAs belonging to its trusted list. If you install only a specific vendor's CA certificate on the Oracle Communications Core Session Manager, it authenticates that vendor's endpoints. Whether the certificate is an individual device certificate or a site-to-site certificate does not matter because the Oracle Communications Core Session Manager authenticates the signature/public key of the certificate.
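The trusted-list behaviour described above can be reproduced offline with the openssl command line. This is an added example, not Oracle's code or configuration: the CA names `vendor-a` and `vendor-b`, the endpoint names, and the helper functions are constructed, and the device versus site-to-site distinction is modelled only as different subject names.

```shell
#!/bin/sh
# Constructed demo: two throwaway CAs, only vendor-a is put in the trusted list.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {      # $1 = CA name (hypothetical)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1 CA" \
    -keyout "$WORK/$1-ca.key" -out "$WORK/$1-ca.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA name, $2 = endpoint name
  # The endpoint generates its key pair and a PKCS10 request ...
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  # ... and the CA signs the request, returning an X509 PEM certificate.
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CAcreateserial \
    -CA "$WORK/$1-ca.pem" -CAkey "$WORK/$1-ca.key" \
    -out "$WORK/$2.pem" 2>/dev/null
}

is_trusted() {   # $1 = endpoint name; succeeds only if signed by a trusted CA
  openssl verify -CAfile "$WORK/trusted.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

check() {        # prints the verdict for one endpoint certificate
  if is_trusted "$1"; then echo "$1: accepted"; else echo "$1: rejected"; fi
}

make_ca vendor-a
make_ca vendor-b
cp "$WORK/vendor-a-ca.pem" "$WORK/trusted.pem"   # trusted list = vendor-a only

issue_cert vendor-a device-a   # individual device certificate
issue_cert vendor-a site-a     # site-to-site certificate, same CA
issue_cert vendor-b device-b   # endpoint from a CA that is not trusted

check device-a
check site-a
check device-b
```

Both vendor-a certificates are accepted regardless of what they name, because only the issuing CA's signature is checked; appending `vendor-b-ca.pem` to `trusted.pem` would extend acceptance to every certificate that CA has issued.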