A Gateway Identity certificate must be installed on the gateway whenever mutual-authentication has been requested using Communication Manager's change media-gateway SAT command.

• The certificate must be installed by an administrator

• The certificate must be in PKCS #12 format.

• The certificate must contain at least the Identity certificate, and if encoded in PEM format, may have an embedded trust chain as well.

• When trust chains are embedded, the chain elements must be ordered from low-to-high trust,and the Identity certificate must be the first element in the file.

• This feature supports three applications in which an identity certificate may be used, namely h248reg, sla, and syslog.

  • h248reg designates that the certificate will be used for H.248 link establishment with CM.

  • sla designates that the certificate will be used for link establishment to an SLA Monitor server for diagnostic purpose.

  • syslog designates that the certificate will be used for link establishment to a remote syslog server.

  • web designates that the certificate will be used for link establishment to a remote HTTPS server.

• The copy mechanism can be either SCP or HTTPS, that is secure copy for download from a remote host site or USB for a download from USB memory drive. The user will be prompted for a login/password on the remote host system when scp is used to install a certificate.