Certificate Management Commands to support the download of X.509 certificates

Last Updated : Apr 16, 2019 |

The gateway supports a new CLI command group (copy, show, erase) that supports the download of one or more X.509 certificates (Root-CA certificates) from a host server.

  • The signing authority for CM may be different from the signing authority for the gateway.

  • In complex security topologies, there may be multiple CMs, each having a different signing authority. If the media gateway has these in its MGC list, then in order to support TLS sessions, this feature of multiple Root-CA’s is necessary.

  • This feature supports three application directories in which Root-CA certificates may be placed (h248reg, sla, and syslog).

    • H248reg designates the directory to place Root-CA certificates for validation of link establishment to CM.

    • SLA designates the directory to place the single Root-CA certificate used for validation of link establishment to the SLA Monitor server for diagnostic purpose.

    • Syslog designates the directory to place the single Root-CA certificate used for validation of link establishment to the TLS Syslog server for logging.

  • The copy mechanism can be either SCP (secure copy) for a download from a host site on the Internet or USB for a download from a customer’s USB memory drive.