Technical Helpweb

- more articles

Secure HTTP on DMG

Overview

This article provided an overview of using secure HTTP when accessing the webUI on a Dialogic® 1000 or 2000 Media Gateway Series.    HTTPS safeguards HTTP data by encryption and authentication. With HTTPS,messages are no longer transmitted as clear text and are not readily readable. HTTPS requires two actions by the user:

  • Both the Media Gateway and the PC on which the Web browser used to connect to the DMG1000 or DMG2000 Gateways via HTTPS is running must be configured with the proper certificate.
  • When accessing the DMG1000 or DMG2000 Gateways, use https:// instead of the non-secure http:// followed by the DMG1000 or DMG2000 Gateway's URL.

HTTPS Certificate Configuration

An HTTPS certificate can be either self-signed or certificate authority (CA) signed. A self-signedcertificate can be generated by the DMG1000 or DMG2000 Gatewayy. CA signed certificates must be requested by the DMG1000 or DMG2000 Gateway and then signed by a CA.

When using a self-signed certificate:

  1. The DMG1000 or DMG2000 Gateway generates a self-signed public key certificate.
  2. This certificate is then exported and downloaded from the DMG1000 or DMG2000 Gateway to a PC via HTTP (or HTTPS if already active).
  3. The certificate is then configured into the Windows® PC running the HTTPS Web browser used to connect to the DMG1000 or DMG2000 Gateway.
  4. From this PC, the user logs on to the DMG1000 or DMG2000 Gateway using the https://[URL].
  5. HTTPS is then automatically used when accessing all subsequent Web pages.

When using a CA signed certificate:

  1. The DMG1000 or DMG2000 Gateway generates a certificate signature request (CSR).
  2. The CSR is exported from the DMG1000 or DMG2000 Gateway to a PC via HTTP (or HTTPS if already active).
  3. The CSR is used by the CA to create a signed certificate.
  4. The CA signed certificate is uploaded to the DMG1000 or DMG2000 Gateway.
  5. The root certificate of the CA that signed the CSR is configured into the PC running the Web browser used to connect to the DMG1000 or DMG2000 Gateway via HTTPS.
  6. The user logs into the DMG1000 or DMG2000 Gateway by going to https://[URL]
  7. HTTPS is automatically used when accessing all the subsequent Web pages

The choice of either self-signed or CA-signed certificates depends on the system administration and the desired level of trust within the system. Self-signed certificates are generated by the DMG1000 or DMG2000 Gateway and therefore does not cost any money  and may require less time to install.  A self-signed certificate is simply downloaded from the DMG1000 or DMG2000 Gateway and installed on the PC running the Webbrowser used to connect to the DMG1000 or DMG2000 Gateway via HTTPS.

However, when self-signed certificates are used, the PC/Web Browser must have a unique certificate installed for each DMG1000 or DMG2000 Gateway with which it will communicate. This process couldget lengthy if the PC/Web Browser needs to communicate with a number of DMG1000 or DMG2000 Gateway units.   On the other hand, CA signed certificates require time and effort to install since the certificates must be signed by a CA. However, once you have the signed certificate, the CA root certificate can be used to communicate with multiple DMG1000 or DMG2000 Gateway units.

HTTPS Example

An example of how HTTPS is used with a self-signed certificate is described below. In the example, the DMG1000 or DMG2000 Gateway has an IP address of 172.16.3.10 and uses a self-signed certificate.

  1. Start the DMG1000 or DMG2000 Gateway.
  2. Start Internet Explorer (or any Web browser that supports HTTPS).
  3. In the Web browser Address box, enter http://172.16.3.10.
  4. At the login screen, enter a User name and Password, and click OK to login to the DMG1000 or DMG2000 Gateway.
  5. Select the Security Web page > Certificate Management tab > Certificate Usage table >HTTPS parameter and check that Self Signed is the selected value.
  6. Go to the HTTPS table and click on Generate button on the Self Signed row. The Self Signed Certificate Generation screen will appear.
  7. Fill in the text boxes in the Value row of both the Certificate X509 Extensions and Certificate Subject tables and then click the Generate button. After a short time, the following message will appear: “Self signed Certificate was created”. Click Continue to return to the Certificate Management Web page.
  8. In the HTTPS table, click the Export button in the Action column of the Self Signed row to download the certificate from the DMG1000 or DMG2000 Gateway to the PC.
  9. Configure this certificate on the PC running the Web browser used to connect to the DMG1000 or DMG2000 Gateway via HTTPS. See Section 7.5, “Installing Certificate Using Internet Explorer”, on page 262 for details.
  10. In the Web browser Address box, enter https://172.16.3.10.
  11. At the login screen, enter a User name and Password. Then click OK to login to the MediaGateway. HTTPS is now active.


Feedback

Please rate the usefulness of this page:  
0 - not useful at all
1 - potentially useful
2 - quite useful
3 - very useful
4 - exactly the information I needed     

Please enter a comment about this page:

Open access: Product rule: ; Page rule: Auto

Service Center Logon