CloudEC V600R019C00 Security Maintenance (Enterprise On-premises, Only Conference)

Background

Before replacing an NE security certificate, learn the certificate formats and requirements described below so that the replacement goes smoothly.

  • The private key password cannot contain the following characters: | ; & $ < > ' ! \ @.
  • The security certificate key contains a maximum of 15 characters.
Table 7-1 Certificate description

| NE | Certificate File | Service Description | Local End | Peer End | Whether to Replace Peer End Certificate with the Local End Certificate | Certificate RSA Key Length |
|---|---|---|---|---|---|---|
| SMC2.0 | HTTPS certificate: smc_root.der | Providing HTTPS-based configuration and management interfaces for the SC | Client | SC | Yes | No limit |
| SMC2.0 | TLS certificate: *.pfx | 1. Providing web page services for browsers; 2. Providing HTTPS-based upgrade interfaces for telepresence endpoints; 3. Providing FTPS interfaces for telepresence endpoints | Server | Browser; Telepresence endpoint | Browser: no; Telepresence endpoint: yes | No limit |
| SC | HTTPS certificates: sc_root.der, sc_cert.der, sc_key.der, sc_key_password.txt | 1. Providing HTTPS-based configuration and management interfaces for the SMC2.0; 2. Providing HTTPS-based sitecall interfaces for telepresence endpoints | Server | SMC2.0; Telepresence endpoint | Yes | No limit |
| SC | TLS certificates: sc_root.pem, sc_cert.pem, sc_key.pem, sc_key_password.txt | Providing SIP TLS interfaces for the telepresence endpoint, MCU, and RSE | Server | Telepresence endpoint; MCU; RSE | Yes | No limit |
| SC | LDAP certificate: ldap_cert.pem | Providing LDAP interfaces for the AD server | Client | AD server | Yes | Greater than or equal to 2048 |
| USM-EUA | eua.pem, eua_key.pem | Providing LDAP interfaces for terminals to query the address book | Server | Terminals | Yes | 2048-4096 |
| CloudMCU/VP9000 series MCU (V600R019C00) | The HTTPS, TLS, and BFCP over TLS certificates are the same: root.pem, servercert.pem, serverkey.pem | 1. Providing web page services for browsers; 2. Providing SIP TLS interfaces for the telepresence endpoint and SIP; 3. Providing HTTPS-based scheduling and conference control interfaces for the SMC2.0 and third-party components | Server | Browser; Telepresence endpoint; SMC2.0; Third-party component | Browser: no; Telepresence endpoint: yes; SMC2.0: yes; Third-party components: determined by themselves | 2048 |
| VP9000 series MCU (V500R002C10) | SIP certificates: lync-root.pem, lync-server.pem, lync-private-key.pem, lync-private-key-password.txt | Providing SIP TLS interfaces for telepresence endpoints | Server | Telepresence endpoint | Yes | Less than or equal to 2048 |
| VP9000 series MCU (V500R002C10) | Browser certificates: ssl-root.pem, ssl-server.pem, ssl-private-key.pem, ssl-private-key-password.txt | 1. Providing web page services for browsers; 2. Providing HTTPS-based scheduling and conference control interfaces for the SMC2.0 and third-party components | Server | Browser; SMC2.0; Third-party component | Browser: no; SMC2.0: yes; Third-party components: determined by themselves | Less than or equal to 2048 |
| VP9000 series MCU (V500R002C10) | FTPS certificate: ftp-root.pem | Providing interfaces to upload and download files | Client | File server | Yes | Less than or equal to 2048 |
| VP9000 series MCU (V500R002C10) | Email certificate: smtp-root.pem | Providing interfaces for the mail server | Client | Mail server | Yes | Less than or equal to 2048 |
| RSE6500 | TLS certificates: root.pem, servercert.pem, serverkey.pem | Providing the BFCP over TLS interface for the MCU and SC | Client | MCU; SC | Yes | No limit |
| RSE6500 | TLS certificates: root.pem, servercert.pem, serverkey.pem | Providing the BFCP over TLS interface for telepresence endpoints | Server | Telepresence endpoint | Yes | No limit |
| RSE6500 | HTTPS certificate: *.pem | Providing web page services for browsers | Server | Browser | No | No limit |
| Telepresence endpoint | Only certificates in the following formats can be imported: .cer, .pem, .pfx, .p7b, .p7c, .spc, .p12, .der, and .crt. | Client certificate: used for registration or call authentication when a terminal functions as a client, for example, when TLS is used for SIP registration or to encrypt BFCP signaling transmission. Server certificate: used for all authentication when a terminal functions as a server. Sitecall certificate: used for sitecall security. 802.1x authentication certificate: used for 802.1x wired or wireless network authentication; when importing the certificate, select the corresponding network type (the default network type is wireless and wired). TR069 CA certificate: used for ACS server authentication; when a management server (such as the TMS) and a file server (such as the IIS) are separately deployed, the certificates of the two servers must be issued by the same certificate authority (CA). | - | SMC2.0; MCU; SC; Server | Yes | 512-4096 |

Table 7-2 Converting the certificate format

Format Description

Conversion Method

Remarks

Converting the .pem format to the .der format

  1. Download the software from the OpenSSL official website and install it.
  2. To convert the root certificate, run the following command:

    openssl x509 -in sc_root.pem -inform PEM -out sc_root.der -outform DER

  3. To convert the server certificate, run the following command:

    openssl x509 -in sc_cert.pem -inform PEM -out sc_cert.der -outform DER

  4. To convert the private key file, run the following command:

    openssl pkcs8 -topk8 -nocrypt -in sc_key.pem -inform PEM -passin pass:sc_key_password -out sc_key.der -outform DER

  • sc_root: indicates the CA root certificate.
  • sc_cert: indicates the server certificate.
  • sc_key: indicates the private key file.
  • sc_key_password: indicates the private key password.

Converting the .pem format to the .cer format

  1. Download the software from the OpenSSL official website and install it.
  2. To convert the root certificate, run the following command:

    openssl x509 -in sc_root.pem -inform PEM -out sc_root.cer -outform DER

  3. To convert the server certificate, run the following command:

    openssl x509 -in sc_cert.pem -inform PEM -out sc_cert.cer -outform DER

  4. To convert the private key file, run the following command:

    openssl pkcs8 -topk8 -nocrypt -in sc_key.pem -inform PEM -passin pass:sc_key_password -out sc_key.cer -outform DER

Converting the .pem format to the .pfx format

  1. Download the software from the OpenSSL official website and install it.
  2. Run the following command:

    openssl pkcs12 -export -out smc.pfx -inkey sc_key.pem -passin pass:sc_key_password -in sc_cert.pem

    NOTE:

    The .pfx certificate is a combination of the server certificate and private key file. During combination, you need to enter the private key password to encrypt the generated .pfx certificate. This password is also required when you import the .pfx certificate.

Converting the .cer format to the .pem format

  1. Download the software from the OpenSSL official website and install it.
  2. Run the following command:

    openssl x509 -inform der -in sc_cert.cer -out sc_cert.pem

    NOTE:

    If the exported certificate is in the BASE64 format, run the following command instead:

    openssl x509 -inform PEM -in sc_cert.cer -out sc_cert.pem

Converting the .p7b format to the .pem format

  1. Download the software from the OpenSSL official website and install it.
  2. Run the following command:

    openssl pkcs7 -in sc_root.p7b -print_certs -outform PEM -out sc_root.pem

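The password rules in the Background list and the RSA key lengths in Table 7-1 can be checked before a certificate is converted and imported. The script below is an added example, not part of the Huawei documentation; the function names and the KEY_PW environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before converting/importing an NE certificate.
# KEY_PW (an assumed environment variable) holds the private key password.
# Passing it as env:KEY_PW keeps it out of the process argument list,
# unlike the -passin pass:... form.

# Password rules from the Background list: at most 15 characters and
# none of | ; & $ < > ' ! \ @
check_key_password() {
    pw=$1
    [ "${#pw}" -le 15 ] || return 1
    for c in '|' ';' '&' '$' '<' '>' "'" '!' '\' '@'; do
        case $pw in *"$c"*) return 1 ;; esac
    done
    return 0
}

# Print the public key size in bits of a PEM certificate.
rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the key length lies in [min, max] (per-NE limits, Table 7-1).
key_len_ok() {
    bits=$(rsa_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "$2" ] && [ "$bits" -le "$3" ]
}

# Succeed only if the certificate's public key belongs to the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -passin env:KEY_PW -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Run all checks. Usage: preflight cert.pem key.pem min_bits max_bits
preflight() {
    check_key_password "$KEY_PW" || { echo "password violates NE rules" >&2; return 1; }
    key_len_ok "$1" "$3" "$4"    || { echo "RSA key length out of range" >&2; return 2; }
    cert_matches_key "$1" "$2"   || { echo "certificate/key mismatch" >&2; return 3; }
}
```

For the USM-EUA row of Table 7-1 (2048-4096), the call would be `preflight eua.pem eua_key.pem 2048 4096` with KEY_PW exported.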
Table 7-3 Certificate loading

| NE | With Preset Certificates Loaded (Yes/No) | Certificate Loading |
|---|---|---|
| SMC2.0 | Yes | Replacing the SMC2.0 Security Certificate |
| SC | Yes | Replacing the SC Security Certificate |
| USM-EUA | Yes | Replacing the USM-EUA Security Certificate |
| CloudMCU | Yes | Replacing the CloudMCU Security Certificate |
| VP9000 series MCU (V500R002C10) | Yes | Replacing the VP9600 Series MCU Security Certificate (V500R002C10) |
| VP9000 series MCU (V600R019C00) | Yes | Replacing the VP9600 Series MCU Security Certificate (V600R019C00) |
| RSE6500 | Yes | Replacing the RSE6500 Security Certificate |
| Telepresence endpoint | Yes | Videoconferencing endpoint: import terminal security certificates by referring to Endpoint Product Documentation > Operation and Maintenance > Maintenance Guide > Security Maintenance > Application Layer Security > Managing Certificates. TE Desktop/TE Mobile/TE WebClient: import terminal security certificates by referring to TE Desktop&TE Mobile&TE WebClient V600R006C10 Security Maintenance > Device Security > Importing the TLS Root Certificate and Device Certificate. |

Document obtaining path: Log in to http://support.huawei.com/enterprise, search for the terminal name, select the matched node, and obtain the corresponding documents on the Documentation tab page on the product page.

Updated: 2019-08-07

Document ID: EDOC1100059091
