TLS Transport Layer Tsaro
Jagoran Jagora

Tabbatar da Algo IP Endpoints:
TLS da Tabbatar da Mutual

Bukatar Taimako?
604-454-3792 or support@algosolutions.com 

Gabatarwa ga TLS

TLS (Transport Layer Security) ƙa'idar sirri ce wacce ke ba da tabbaci, keɓantawa, da tsaro na ƙarshe zuwa ƙarshen bayanan da aka aika tsakanin aikace-aikace ko na'urori akan Intanet. Kamar yadda dandali na wayar tarho da aka shirya ya zama ruwan dare gama gari, buƙatar TLS don samar da amintaccen sadarwa akan intanet ɗin jama'a ya ƙaru. Na'urorin Algo waɗanda ke goyan bayan firmware 1.6.4 ko kuma daga baya suna tallafawa Tsaro Layer Tsaro (TLS) don duka Samar da Siginar SIP.
Lura: waɗannan ƙarshen ƙarshen ba sa goyan bayan TLS: 8180 IP Audio Aleterter (G1), 8028 IP Doorphone (G1), 8128 IP Visual Alert (G1), 8061 IP Relay Controller.

Encryption vs Tabbatar da Identity

Yayin da zirga-zirgar TLS koyaushe ke ɓoye kuma amintattu daga saurara ko gyara na ɓangare na uku, ana iya samar da ƙarin tsaro ta amfani da Takaddun shaida don tabbatar da asalin ɗayan. Wannan yana ba da damar uwar garken don tabbatar da ainihin na'urar IP Endpoint, kuma akasin haka.
Don yin rajistan shaidar, Takaddun shaida file dole ne a sanya hannu ta Hukumar Takaddun Shaida (CA). Sai wata na'urar ta duba wannan sa hannun, ta amfani da Shaidar Jama'a (Trusted) daga wannan CA.

Takaddun shaida na TLS

Algo IP Endpoints zo an riga an shigar dasu tare da saitin takaddun shaida na jama'a daga amintattun Hukumomin Takaddun shaida na ɓangare na uku (CAs), gami da Comodo, Verisign, Symantec, DigiCert, da sauransu. Hukumomin Takaddun shaida suna ba da takaddun shaida ga 'yan kasuwa don ba da damar waɗannan kasuwancin su tabbatar da hakan. sabobin su ko webShafukan gaskiya ne wadanda suka ce su ne. Na'urorin Algo na iya tabbatar da cewa yana sadarwa tare da ingantacciyar uwar garken ta hanyar tabbatar da takaddun sa hannun uwar garken akan takaddun shaida na jama'a daga CA wanda ya sanya hannu akan ta. Hakanan za'a iya loda ƙarin takaddun shaida na jama'a, don ba da damar na'urar Algo ta amince da tabbatar da ƙarin sabar waɗanda ƙila ba za a haɗa su cikin takaddun shaida da aka riga aka shigar ba (na tsohonample, takaddun shaida mai sanya hannu).

Tabbatar da Mutual

Tabbatar da Mutual yana ƙara ƙarin tsaro guda ɗaya ta hanyar buƙatar uwar garken kuma ya inganta kuma ya amince da na'urar ƙarshen, baya ga kishiyar inda ƙarshen ke tabbatar da sabar. Ana aiwatar da wannan ta amfani da Takaddun shaida na Na'ura, wanda aka sanya akan kowane Algo SIP Endpoint a lokacin ƙira. Kamar yadda ba a gyara adireshin IP na na'urar Algo (cibiyar sadarwar abokin ciniki ta ƙayyade), Algo ba zai iya buga wannan bayanin gaba da gaba tare da amintattun CAs ba, kuma a maimakon haka, waɗannan Takaddun shaida na Na'ura dole ne su sami sa hannun Algo na kansa CA.
Domin sabar ta amince da na'urar Algo, mai kula da tsarin zai buƙaci shigar da sarkar takardar shedar Algo CA ta jama'a akan sabar su (na tsohonampko SIP Phone System ko uwar garken samar da su) domin wannan uwar garken ta iya tabbatar da cewa Certificate na Na'urar da ke cikin na'urar Algo gaskiya ce.

Lura: Abubuwan ƙarshen Algo IP da aka kera a cikin 2019 (farawa da firmware 1.7.1) ko kuma daga baya an shigar da takardar shaidar na'urar daga masana'anta.
Don tabbatar da idan an shigar da takardar shaidar, kewaya zuwa Tsarin -> Game da shafin. Duba Takaddun Manufacturer. Idan ba a shigar da takardar shaidar ba, da fatan za a yi imel support@algosolutions.com.

Cipher Suites

Cipher suites jerin algorithms ne da ake amfani da su yayin zaman TLS. Kowane rukunin ya ƙunshi algorithms don tantancewa, ɓoyewa, da amincin saƙo. Na'urorin Algo suna goyan bayan algorithms ɓoye da aka saba amfani da su kamar AES256 da algorithms lambar tantance saƙo kamar SHA-2.

Takaddun shaida na Na'urar Algo

Takaddun shaida na na'urar da Algo Tushen CA ya sanya hannu an shigar da masana'anta akan na'urorin Algo tun 2019, farawa da firmware 1.7.1. Ana samar da takaddun shaida lokacin da aka kera na'urar, tare da filin suna gama gari a cikin takaddun shaida mai ɗauke da adireshin MAC na kowace na'ura.
Takaddun shaida na na'urar yana aiki na shekaru 30 kuma yana zaune a cikin wani yanki na daban, don haka ba za a goge shi ba ko da bayan masana'anta ta sake saita ƙarshen Algo.
Hakanan na'urorin Algo suna goyan bayan loda takardar shaidar na'urar ku don amfani da ita maimakon takaddun shaidar na'urar da aka girka. Ana iya shigar da wannan ta hanyar loda PEM file yana ɗauke da takaddun takaddun na'ura da maɓallin keɓaɓɓen shi zuwa ga directory 'certs' (ba littafin 'certs/amintaccen' directory!) a cikin Tsarin -> File Manager tab. Wannan file yana buƙatar a kira shi 'sip abokin ciniki.pem'.

Ana loda Takaddun shaida na Jama'a na CA zuwa Maƙallan Ƙarshen Algo SIP

Idan kana kan firmware kasa da 3.1.X, da fatan za a haɓaka na'urar.
Don shigar da takardar shaidar akan na'urar Algo mai aiki da firmware v3.1 & sama, bi matakan da ke ƙasa:

1. Sami takardar shedar jama'a daga Hukumar Takaddun shaida (kowace takardar shedar sigar X.509 mai aiki za a iya karɓa). Babu takamaiman tsari da ake buƙata don filesuna.
2. A cikin web dubawa na na'urar Algo, kewaya zuwa System -> File Manager tab.
3. Loda takaddun shaida files cikin kundin 'certs/amintattu'. Danna maɓallin Upload a saman kusurwar hagu na file manajan kuma bincika zuwa takaddun shaida.

Web Zaɓuɓɓukan Interface

HTTPS Samar da
Ana iya kiyaye samarwa ta hanyar saita 'Hanyar Zazzagewa' zuwa 'HTTPS' (a ƙarƙashin Babban Saituna> Shafin Samarwa). Wannan yana hana daidaitawa files daga karantawa ta wani ɓangare na uku maras so. Wannan yana warware yuwuwar haɗarin samun satar bayanai masu mahimmanci, kamar kalmomin shiga na admin da takaddun shaidar SIP.

Don aiwatar da tabbatarwa na ainihi akan Sabar Samarwa, kuma saita 'Validate Certificate Server' zuwa 'An kunna'. Idan Takaddun Sabar uwar garken yana da hannu ta ɗaya daga cikin CAs na kasuwanci na gama gari, to na'urar Algo yakamata ta riga ta sami takardar shaidar jama'a don wannan CA kuma ta sami damar yin tabbaci.
Loda ƙarin takaddun shaida (Takaddun shaida na Base64 na X.509 file a cikin .pem, .cer, ko .crt) ta hanyar kewayawa zuwa "System> File Manager" zuwa babban fayil 'certs/amintattu'.
NOTE: Hakanan ana iya kunna siginar 'Validate Certificate Server' ta hanyar samarwa: prov.download.cert = 1

HTTPS Web Hanyar sadarwa
Hanyar loda takardar shaidar jama'a don HTTPS web browsing yayi kama da abin da aka bayyana a sashin da ke sama. httpd.pem file takardar shaidar na'urar ce da mai binciken kwamfutarka ke buƙata lokacin da kake kewayawa zuwa IP na na'urar. Loda wani al'ada zai iya ba ku damar kawar da saƙon gargadi idan kun isa ga WebUI ta amfani da HTTPS. Ba takardar shaidar CA ba ce ta jama'a. Dole ne a loda takardar shaidar zuwa 'certs'.

Siginar SIP (da RTP Audio)

Ana kiyaye siginar SIP ta hanyar saita 'Tsarin SIP' zuwa 'TLS' (a ƙarƙashin Babban Saituna> Babban shafin SIP).

• Yana tabbatar da cewa za a ɓoye zirga-zirgar SIP.
• Siginar SIP ita ce ke da alhakin kafa kiran (alamar sarrafawa don farawa da ƙare kira tare da ɗayan), amma ba ya ƙunshi sautin.
• Don hanyar sauti (murya), yi amfani da saitin 'Offer SDP SRTP'.
• Saita wannan zuwa 'Zaɓi' yana nufin za a rufaffen bayanan odiyo na RTP na kiran SIP (ta amfani da SRTP) idan ɗayan kuma yana goyan bayan ɓoyayyen odiyo.
• Idan ɗayan ɓangarorin ba su goyi bayan SRTP ba, to har yanzu kiran zai ci gaba, amma tare da sautin da ba a ɓoye ba. Don yin ɓoyayyen odiyo ya zama tilas ga duk kira, saita 'Offer SDP SRTP' zuwa 'Standard'. A wannan yanayin, idan ɗayan ɓangarorin ba su goyi bayan ɓoyayyen sauti ba, to za a ƙi yunƙurin kiran.
• Don yin tabbaci na ainihi akan SIP Server, kuma saita 'Gabatar da Takaddun Sabar' zuwa 'An kunna'.
• Idan Takaddun Sabar uwar garken SIP ta sami sa hannun ɗayan CAs na kasuwanci na gama gari, to na'urar Algo yakamata ta riga ta sami takardar shedar jama'a ta wannan CA kuma ta sami damar yin tabbaci. Idan ba haka ba (don examptare da takaddun sa hannu), sannan ana iya loda takardar shaidar jama'a da ta dace zuwa na'urar Algo kamar yadda aka bayyana a baya a cikin wannan takaddar.

Shafin TLS 1.2
Na'urorin Algo masu aiki da firmware v3.1 & sama suna goyan bayan TLS v1.1 da v1.2. 'Force Secure TLS
Za a iya amfani da zaɓin sigar don buƙatar haɗin TLS don amfani da TLSv1.2. Don kunna wannan fasalin:

• Je zuwa Babba saituna> Babba SIP
• Saita 'Force amintaccen Sigar TLS' kamar yadda aka kunna kuma adana.
  NOTE: An cire wannan zaɓi a cikin v4.0+ tunda TLS v1.2 ana amfani da shi ta tsohuwa

Zazzage Takaddun shaida na Algo

A ƙasa akwai saitin hanyoyin haɗin yanar gizo don zazzage sarkar takardar shedar Algo CA. The files za a iya shigar a kan SIP Server ko Sabar Sabar don waɗannan sabobin su tabbatar da Takaddun shaida na Na'ura akan Algo SIP Endpoints, kuma don haka ba da izinin Tabbatar da Mutual:
Algo Tushen CA: http://firmware.algosolutions.com/pub/certs/algo_issuing.crt
Algo Intermediate CA: http://firmware.algosolutions.com/pub/certs/algo_intermediate.crt
Takardun Jama'a na Algo: http://firmware.algosolutions.com/pub/certs/algo_ca.crt

Shirya matsala

Idan ba a gama musafaha na TLS ba, da fatan za a aika kama fakiti zuwa tallafin Algo don bincike. Don yin haka, dole ne ku kalli zirga-zirgar ababen hawa, daga tashar jiragen ruwa an haɗa wurin ƙarshen Algo zuwa kan hanyar sadarwa, komawa zuwa kwamfuta.

Algo Sadarwa Products Ltd.
4500 Beedie St Burnaby BC Kanada V5J 5L2
www.algosolutions.com
604-454-3792
support@algosolutions.com

Takardu / Albarkatu

ALGO TLS Tsaro Layer Tsaro [pdf] Umarni TLS, Tsaro Layer Tsaro, Layer Tsaro, TLS, Transport Layer

Magana

• Manual mai amfani