Certificate and TLS Validation

For production environments, certificates are mandatory for each device. Ensure that CA-signed or self-signed certificates are generated and used in Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) before adding the device.

Each check below lists the step, the command to run, and the expected behavior.

Step: Verify the tls-global configuration
Command: configure terminal, security, tls-global
Expected Behavior: Ensure the session-caching parameter is disabled, as enabling this parameter may cause connectivity issues.

Step: Verify certificate records
Command: show running-config certificate-record
Expected Behavior: Ensure the following:
  • key-size must be greater than or equal to 2048
  • digest-algor is set to a valid algorithm (SHA1 is not supported).

Step: Verify TLS profiles
Command: show running-config tls-profile
Expected Behavior: Ensure tls-profile is configured with valid end-entity-certificate and trusted-ca-certificates and ensure the following parameters have valid values:
  • cipher-list
  • mutual-authenticate
  • tls-version

Step: Match TLS profile names
Command: show running-config system-config
Expected Behavior: Ensure the system-config, acp-tls-profile value matches the tls-profile whose ca-cert is imported into Oracle SDM Cloud.

Step: Verify certificate validity dates
Command: (none listed)
Expected Behavior: Validate the expiration date.

Step: Ensure SHA-1 ciphers are disabled
Command: (none listed)
Expected Behavior: Ensure SHA-1 is disabled.