Toolpack:Tsbc TLS Profiles

(Difference between revisions)
(Minor edits)
 
(7 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Certificates are used to provide secure connections, like HTTPs (secure connection to the web portal) or [[FreeSBC]] secure SIP calls (SIP over TLS).
+
{{DISPLAYTITLE:Configuring TLS Profiles}}
  
This pages describes how to import certificates and group them into TLS profiles, which is the first step to configure secure SIP on [[FreeSBC]].
+
{| class="wikitable"
 +
|-
 +
|rowspan="2"|This article applies to:
 +
|'''Product'''
 +
|'''Version'''
 +
|-
 +
|SBC
 +
|3.1
 +
|}
  
These TLS profiles can later be used to create SIP Transport servers using TLS.
+
Multiple TLS profiles can be created in [[Toolpack]]. A TLS profile is a collection of certificates and other settings that define the behavior of TLS connections. Multiple TLS profiles can be used to expose different certificates and options to different TLS connections in [[Toolpack]], athough one TLS profile is generally enough.
  
== Configuring Certificates and TLS Profiles  ==
+
== Create TLS profile ==
{{DISPLAYTITLE:Configuring Certificates and TLS Profiles}}
+
  
'''''Applies to version(s): v3.1 and above'''''
+
1. Select '''TLS Profiles''' from the navigation panel
  
Multiple TLS profiles can be created in [[Toolpack]]. A TLS profile is a collection of certificates and other settings that define the behavior of TLS connections. Multiple TLS profiles can be used to expose different certificates and options to different TLS connections in [[Toolpack]], though one TLS profile is generally enough.
+
[[Image:ConfigureTlsProfile_0.png]]
  
== Upload trusted certificates ==
+
2. Click ''' Create New TLS Profile'''
  
=== Select '''Certificates''' from the navigation panel ===
+
[[Image:ConfigureTlsProfile_1.png]]
  
[[Image:ConfigureCertificates_0.png|150px]]
+
3. Configure TLS Profile parameters
  
=== Click ''' Create New Certificate ''' ===
+
* Provide a name that is meaningful to you.
 
+
* Check if client authentication is required. Enabling this checkbox means that incoming connections require the remote side to present a or many trusted certificate(s) (later selected after creation).
[[Image:ConfigureCertificates_1.png|250px]]
+
* Select a local certificate (either one imported earlier, or the "Default" certificate which is automatically generated by Toolpack and is also used for HTTPS)
 
+
=== Configure certificate parameters ===
+
 
+
* Give a name that is meaningful to you
+
* Select "Trusted" certificate to import a remote party's certificate to trust
+
* Drag-and-drop (or copy-paste) the certificate's text content into the appropriate text box
+
 
* Click "Create"
 
* Click "Create"
  
[[Image:ConfigureCertificates_2.png|500px]]
+
[[Image:ConfigureTlsProfile_2.png|500px]]
  
== Upload local certificates (optional) ==
+
* Select one or multiple "trusted" certificates, only necessary if "Require peer authentication" is checked.
Toolpack already contains, by default, a unique self-signed certificate (unique per Toolpack system, shared for 1+1 hosts). This certificate is used for HTTPs, and can also be used for TLS.
+
  
In case you want to use a custom local certificate (like an officially signed certificate for your domain name), proceed as follows:
+
[[Image:ConfigureTlsProfile_3.png|500px]]
* Repeat the same procedure as above (but using "Local" certificate type) to import the local certificate
+
* Use ssh (command-line or using tool like Filezilla) to upload the private key to the unit to following path. Use the '''same file''' name as the local certificate name previously used to import in the web portal (except file extension):
+
  /lib/tb/toolpack/pkg/ssl_certificate/
+
  
Example:
 
  
[[Image:ConfigureCertificates_3.png|500px]]
+
== List of Parameters ==
  
Then:
+
*[[Parameter: Name|Name]]
  scp my_local_cert.key root@MyFreeSbcHostName:/lib/tb/toolpack/pkg/ssl_certificate/
+
*[[Parameter: Require client authentication|Require client authentication]]
 
+
*[[Parameter: Local certificate|Local certificate]]
== Create TLS profile ==
+
 
+
=== Select '''Certificates''' from the navigation panel ===
+
 
+
[[Image:ConfigureTlsProfile_0.png|150px]]
+
 
+
=== Click ''' Create New TLS Profile''' ===
+
 
+
[[Image:ConfigureTlsProfile_1.png|300px]]
+
 
+
=== Configure TLS Profile parameters ===
+
 
+
* Give a name that is meaningful to you
+
* Decide if client authentication is required (meaning that incoming connections require remote side to present a trusted certificate)
+
* Select a local certificate (either one imported earlier, or the "Default" certificate which is automatically generated by Toolpack and is also used for HTTPS)
+
* Click "Create"
+
* Select one or multiple "trusted" certificates, which correspond to remote equipment's certificates (or root certificates from which remote certificates are signed)
+
 
+
[[Image:ConfigureTlsProfile_2.png|500px]]
+
 
+
[[Image:ConfigureTlsProfile_3.png|500px]]
+
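Review bot: The new step 3 bullets still depend on a local certificate "imported earlier" and on "trusted" certificates, but this revision deletes both "Upload trusted certificates" and "Upload local certificates (optional)", including the instruction to copy the private key to /lib/tb/toolpack/pkg/ssl_certificate/ under the same file name as the local certificate. Add a link to wherever that import procedure now lives so the profile steps can still be followed. The same option is also named three ways in the added lines ("client authentication" in the step 3 bullet, "Require peer authentication" in the trusted-certificates bullet, "Require client authentication" in the parameter list) and should use the portal's single label throughout. The new trusted-certificates bullet drops the earlier explanation that these are the remote equipment's certificates or the root certificates from which they are signed, which is worth keeping. Minor: "athough" and "a or many trusted certificate(s)" need correcting.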

Latest revision as of 09:02, 15 December 2020


This article applies to: Product SBC, Version 3.1

Multiple TLS profiles can be created in Toolpack. A TLS profile is a collection of certificates and other settings that define the behavior of TLS connections. Multiple TLS profiles can be used to expose different certificates and options to different TLS connections in Toolpack, although one TLS profile is generally enough.

Create TLS profile

1. Select TLS Profiles from the navigation panel

2. Click Create New TLS Profile

3. Configure TLS Profile parameters

  • Provide a name that is meaningful to you.
  • Tick the checkbox if client authentication is required. Enabling this checkbox means that incoming connections require the remote side to present one or more trusted certificates (selected later, after the profile is created).
  • Select a local certificate (either one imported earlier, or the "Default" certificate which is automatically generated by Toolpack and is also used for HTTPS)
  • Click "Create"

  • Select one or more "trusted" certificates. This is only necessary if "Require peer authentication" is checked.


List of Parameters

  • Name
  • Require client authentication
  • Local certificate
