Secure HTTPS/SSH

 

 

Feature F-6381 adds to the IMG 2020 the ability to encrypt and decode messaging exchanged with an SSH or HTTPS server. The system software binary file that gets downloaded to the IMG 2020 contains four default certificate files:

  • default_cert.pem

  • default_key.pem

  • wrapped_pwd.txt

  • default_calist.pem

With these four files loaded, HTTPS and SSH are encrypted. Nothing needs to be done if the default certificates are used. If, however, the customer wants to use their own certificates, the custom proprietary certificates need to be added to the system. Follow the instructions below to add a set of custom proprietary certificates to the IMG 2020.

The Certificate is also referred to as the Trust ID.

Load Custom Proprietary Certificate

The IMG 2020 needs to be able to download the proprietary certificates. To do this, the certificates must first be loaded into the location that the system software binary file is being loaded from. For example, if the system software binary file is being loaded from an FTP server, the certificates need to be copied there. If the system software binary file is being loaded directly from the SD Card, the certificates need to be loaded there. Copy the certificates (.pem files) to this location.
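Before copying a custom set to the download location, it helps to confirm that the files belong together. The script below is an added example, not part of the IMG 2020 documentation or software. It assumes the set is a PEM certificate, an unencrypted PEM private key and a PEM CA list, and that OpenSSL is installed on the workstation; the function name `check_cert_set` and its exit codes are illustrative.

```shell
#!/bin/sh
# Added example: pre-load check of a custom certificate set.
# Assumptions: PEM certificate, unencrypted PEM private key, PEM CA list;
# check_cert_set and its exit codes are illustrative, not IMG 2020 features.

check_cert_set() {
    cert=$1; key=$2; calist=$3; min_days=${4:-30}

    # Exit 2: each file must parse as the kind of object it should hold.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 ||
        { echo "not a readable PEM certificate: $cert"; return 2; }
    openssl pkey -in "$key" -passin pass: -noout >/dev/null 2>&1 ||
        { echo "not a readable PEM private key: $key"; return 2; }
    openssl x509 -in "$calist" -noout >/dev/null 2>&1 ||
        { echo "no readable certificate in CA list: $calist"; return 2; }

    # Exit 3: the private key must carry the same public key as the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 3; }

    # Exit 4: reject a certificate that expires within min_days days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 ||
        { echo "certificate expires within $min_days days"; return 4; }

    # Exit 5: the certificate must verify against the CA list.
    openssl verify -CAfile "$calist" "$cert" >/dev/null 2>&1 ||
        { echo "certificate does not verify against CA list"; return 5; }

    echo "certificate set OK: $cert"
}

# Usage: sh check_set.sh cert.pem key.pem calist.pem [min_days]
if [ "$#" -ge 3 ]; then
    check_cert_set "$@"
fi
```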

Initial Configuration

Before configuring, the IMG 2020 must have an initial configuration created on it. Follow the Basic Configurations procedure before proceeding. The Basic Configurations topic will configure functions such as Physical nodes, Profile objects, and any other initial functions that should be configured on most IMG 2020 systems.

Create a Certificate Database and download proprietary certificates

Once the customer has created their own custom certificates, they can load them into the IMG 2020.

  • Right click on the Dialogic object and select New Security. The Security object is a parent or container object and no configuration is required in this object. Refer to the Security topic for more information on this object.

  • Right click on the Security object and select New Certificate Database. This is the database that will contain the individual Certificate Entries or Trust IDs. The Certificate Database object is a container or parent object and no configuration is needed here. Refer to the Certificate Database topic for more information on this object.

  • Right click on the Certificate Database object and select New Certificate. This is where the custom proprietary certificate files are entered.

  • In the ID field, select any ID other than ID:0 from the drop-down menu. ID:0 is reserved for the default certificates that are automatically downloaded with the system software files. If ID:0 is selected, the default files loaded with the system software will be overwritten.

  • Enter the names of each of the proprietary certificate files in each of the three "Filename" fields of this object. These were the files loaded into the download directory earlier. Enter the names exactly as they are labeled. Commit the object and the proprietary certificates will get downloaded to the IMG 2020.

Refer to the Certificate topic for more information on configuring the individual fields.

There should be a separate Certificate object for each set of certificates that is downloaded to the IMG 2020.

Additional Information

  • The procedure above configures the IMG 2020 to encrypt and decode HTTPS and SSH messaging. If the custom certificate created is also for TLS, a Secure Profile object will need to be created. Refer to the Configure TLS topic for information on configuring TLS on SIP.
