ALGO TLS Transport Layer Security
Instruction Manual

Securing Algo IP Endpoints:
TLS and Mutual Authentication

Need Help?
604-454-3792 or support@algosolutions.com 

Introduction to TLS

TLS (Transport Layer Security) is a cryptographic protocol that provides authentication, privacy, and end-to-end security for data sent between applications or devices over the Internet. As hosted telephony platforms have become more common, the need for TLS to provide secure communication over the public internet has grown. Algo devices that support firmware 1.6.4 or later support Transport Layer Security (TLS) for both Provisioning and SIP Signaling.
Note: the following endpoints do not support TLS: 8180 IP Audio Alerter (G1), 8028 IP Doorphone (G1), 8128 IP Visual Alerter (G1), 8061 IP Relay Controller.

Encryption vs Identity Verification

While TLS traffic is always encrypted and safe from eavesdropping or modification by a third party, an additional layer of protection can be provided by using Certificates to verify the identity of the other party. This allows the Server to verify the identity of the IP Endpoint device, and vice versa.
To perform the identity check, the Certificate file must be signed by a Certificate Authority (CA). The other device then checks this signature, using the Public (Trusted) Certificate from this CA.

TLS Certificates

Algo IP Endpoints come pre-installed with a set of public certificates from trusted certificate authorities (CAs), including Comodo, Verisign, Symantec, DigiCert, etc. Certificate authorities provide signed certificates to businesses so that these businesses can prove that their servers or websites are in fact who they say they are. Algo devices can confirm that they are communicating with an authentic server by verifying the server's signed certificates against the public certificates from the CA that signed them. Additional public certificates can also be uploaded, to allow the Algo device to trust and verify additional servers that may not be covered by the pre-installed certificates (for example, self-signed certificates).

Mutual Authentication

Mutual Authentication adds one more layer of protection by requiring the server to also verify and trust the endpoint device, in addition to the opposite direction of the endpoint verifying the server. This is implemented using a unique Device Certificate, installed on each Algo SIP endpoint at the time of manufacture. Because the IP address of an Algo device is not fixed (it is determined by the customer's network), Algo cannot publish this information in advance with the trusted CAs, and instead these Device Certificates must be signed by Algo's own CA.
For the server to trust the Algo device, the system administrator will need to install the public Algo CA certificate chain on their server (for example the SIP Phone System or their provisioning server) so that this server can verify that the Device Certificate on the Algo device is in fact authentic.

Note: Algo IP endpoints manufactured in 2019 (starting with firmware 1.7.1) or later will have the device certificate installed at the factory.
To verify that the certificate is installed, navigate to the System -> About tab. Look for the Manufacturer Certificate. If the certificate is not installed, please email support@algosolutions.com.

Cipher Suites

Cipher suites are sets of algorithms used during a TLS session. Each suite includes algorithms for authentication, encryption, and message authentication. Algo devices support many commonly used encryption algorithms such as AES256 and message authentication code algorithms such as SHA-2.

Algo Device Certificates

Device Certificates signed by the Algo Root CA have been factory installed on Algo devices since 2019, starting with firmware 1.7.1. The certificate is generated when the device is manufactured, with the common name field in the certificate containing the MAC address of each device.
The device certificate is valid for 30 years and resides in a separate partition, so it will not be erased even after a factory reset of the Algo endpoint.
Algo devices also support uploading your own device certificate to use instead of the factory-installed device certificate. This can be installed by uploading a PEM file containing both a device certificate and a private key to the 'certs' directory (not the 'certs/trusted' directory!) in the System -> File Manager tab. This file needs to be called 'sip client.pem'.

Uploading Public CA Certificates to Algo SIP Endpoints

If you are on firmware lower than 3.1.X, please upgrade the device.
To install a certificate on an Algo device running firmware v3.1 and above, follow the steps below:

  1. Obtain a public certificate from your Certificate Authority (any valid X.509 format certificate can be accepted). No specific format is required for the filename.
  2. In the web interface of the Algo device, navigate to the System -> File Manager tab.
  3. Upload the certificate files to the 'certs/trusted' directory. Click the Upload button in the top left corner of the file manager and browse to the certificate.
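A pre-upload check for the two destinations described above, added here as an example and not taken from Algo's documentation or firmware: a device bundle for 'certs' must hold a certificate and a private key, while a file for 'certs/trusted' should hold public certificates only. It inspects PEM structure only, it does not validate the X.509 content, and the function names and sample data are assumptions.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_labels(text):
    """Return the label of every PEM block whose body is valid Base64."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            continue  # malformed body, e.g. binary DER pasted into a text file
        labels.append(label)
    return labels

def check_upload(text, target_dir):
    """List the problems with a file bound for 'certs' or 'certs/trusted'."""
    labels = pem_labels(text)
    has_cert = "CERTIFICATE" in labels
    # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    problems = []
    if not has_cert:
        problems.append("no PEM certificate block found")
    if target_dir == "certs/trusted" and has_key:
        problems.append("private key in a file meant for certs/trusted")
    if target_dir == "certs" and not has_key:
        problems.append("device certificate bundle has no private key")
    return problems

# Constructed samples: the Base64 bodies decode to the word "constructed", not real DER.
CA_ONLY = "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
DEVICE_BUNDLE = CA_ONLY + (
    "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text, target in [("bundle", DEVICE_BUNDLE, "certs"),
                               ("bundle", DEVICE_BUNDLE, "certs/trusted"),
                               ("ca", CA_ONLY, "certs")]:
        print(name, "->", target, check_upload(text, target) or "ok")
```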

Web Interface Options

HTTPS Provisioning
Provisioning can be secured by setting the 'Download Method' to 'HTTPS' (under the Advanced Settings > Provisioning tab). This prevents configuration files from being read by an unwanted third party. This addresses the potential risk of sensitive data being stolen, such as admin passwords and SIP credentials.

To also perform identity verification on the Provisioning Server, also set 'Validate Server Certificate' to 'Enabled'. If the provisioning server's Certificate is signed by one of the common commercial CAs, the Algo device should already have the public certificate for this CA and be able to perform the verification.
Upload additional certificates (a Base64-encoded X.509 certificate file in .pem, .cer, or .crt format) by navigating to "System > File Manager", into the 'certs/trusted' folder.
NOTE: The 'Validate Server Certificate' parameter can also be enabled through provisioning: prov.download.cert = 1

HTTPS Web Interface Protocol
The procedure for uploading a public certificate for HTTPS web browsing is similar to the one described in the section above. The httpd.pem file is the device certificate requested by your computer's browser when you navigate to the device's IP. Uploading a custom one may allow you to get rid of the warning message when you access the WebUI using HTTPS. It is not a public CA certificate. The certificate must be uploaded to 'certs'.

SIP Signaling (and RTP Audio)

SIP signaling is secured by setting 'SIP Transportation' to 'TLS' (under the Advanced Settings > Advanced SIP tab).

  • This ensures that the SIP traffic will be encrypted.
  • SIP signaling is responsible for establishing the call (the control signals to start and end the call with the other party), but it does not contain the audio.
  • For the audio (voice) path, use the 'SDP SRTP Offer' setting.
  • Setting this to 'Optional' means the RTP audio data of the SIP call will be encrypted (using SRTP) if the other party also supports audio encryption.
  • If the other party does not support SRTP, the call will still proceed, but with unencrypted audio. To make audio encryption mandatory for all calls, set 'SDP SRTP Offer' to 'Standard'. In this case, if the other party does not support audio encryption, the call attempt will be rejected.
  • To also perform identity verification on the SIP Server, also set 'Validate Server Certificate' to 'Enabled'.
  • If the SIP server's Certificate is signed by one of the common commercial CAs, the Algo device should already have the public certificate for this CA and be able to perform the verification. If not (for example with self-signed certificates), the appropriate public certificate can be uploaded to the Algo device as described earlier in this document.
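The difference between 'Optional' and 'Standard' can be checked against the SDP answers seen in a capture; the following is an added example, not Algo code, that classifies a remote answer and applies the behaviour described in the list above. It assumes SDES keying (an `a=crypto` line under an RTP/SAVP audio stream), which is an assumption about how the negotiation appears on the wire, and the SDP bodies are constructed.

```python
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

def audio_security(sdp):
    """Classify the first active audio stream of an SDP body: 'srtp', 'rtp' or None."""
    profile, crypto, in_audio = None, False, False
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            if profile is not None:
                break                      # judge only the first active audio stream
            media, port, proto = (line[2:].split() + ["", "", ""])[:3]
            in_audio = media == "audio" and port != "0"   # port 0 = stream refused
            if in_audio:
                profile = proto
        elif in_audio and line.startswith("a=crypto:"):
            crypto = True                  # the answer carries SRTP key material
    if profile is None:
        return None
    return "srtp" if profile in SRTP_PROFILES and crypto else "rtp"

def call_outcome(srtp_offer, remote_sdp):
    """Apply the 'SDP SRTP Offer' behaviour the manual describes to a remote answer."""
    if srtp_offer not in ("Optional", "Standard"):
        raise ValueError("only the two settings discussed in the manual are modelled")
    if audio_security(remote_sdp) == "srtp":
        return "encrypted audio"
    return "call rejected" if srtp_offer == "Standard" else "unencrypted audio"

# Constructed SDP answers (documentation addresses, placeholder key material).
SRTP_ANSWER = """v=0
o=pbx 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 40000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-NOT-A-REAL-KEY
"""
PLAIN_ANSWER = SRTP_ANSWER.replace("RTP/SAVP", "RTP/AVP").replace(
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-NOT-A-REAL-KEY\n", "")

if __name__ == "__main__":
    for setting in ("Optional", "Standard"):
        for name, sdp in (("srtp peer", SRTP_ANSWER), ("plain peer", PLAIN_ANSWER)):
            print(setting, name, "->", call_outcome(setting, sdp))
```

With 'Optional', the "unencrypted audio" result is the silent fallback to watch for: signaling is protected by TLS while the voice path is not.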


TLS Version 1.2
Algo devices running firmware v3.1 and above support TLS v1.1 and v1.2. The 'Force Secure TLS Version' option can be used to require TLS connections to use TLSv1.2. To enable this feature:

  • Go to Advanced Settings > Advanced SIP
  • Set 'Force Secure TLS Version' to enabled and save.
    NOTE: This option has been removed in v4.0+ because TLS v1.2 is used by default

Download Algo Certificates

Below is a set of links for downloading the Algo CA certificate chain. The files can be installed on the SIP Server or Provisioning Server so that these servers can authenticate the Device Certificates on Algo SIP Endpoints, and thereby allow Mutual Authentication:
Algo Root CA: http://firmware.algosolutions.com/pub/certs/algo_issuing.crt
Algo Intermediate CA: http://firmware.algosolutions.com/pub/certs/algo_intermediate.crt
Algo Public Certificate: http://firmware.algosolutions.com/pub/certs/algo_ca.crt
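A server-side sketch of the mutual authentication described in this document, added here as an example and not taken from Algo or any SIP server: the TLS context demands a client certificate that chains to the installed CA file, and the MAC in the certificate's common name is then matched against an inventory, since chain validation alone accepts any device signed by that CA. File paths, function names, the MAC format inside the CN and the sample certificate are assumptions.

```python
import re
import ssl

MAC_IN_CN = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}\b")

def build_server_context(ca_chain=None, server_cert=None, server_key=None):
    """TLS server context that refuses clients without a CA-signed certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no TLS 1.0/1.1 handshakes
    ctx.verify_mode = ssl.CERT_REQUIRED           # device must present a certificate
    if ca_chain:      # PEM file holding the downloaded Algo CA chain (path is an assumption)
        ctx.load_verify_locations(cafile=ca_chain)
    if server_cert:   # the server's own certificate and private key
        ctx.load_cert_chain(server_cert, server_key)
    return ctx

def device_mac(peer_cert):
    """Return the MAC found in the subject CN of an ssl getpeercert() dict, or None."""
    for rdn in peer_cert.get("subject", ()):
        for name, value in rdn:
            if name == "commonName":
                match = MAC_IN_CN.search(value)
                if match:
                    return re.sub(r"[:-]", "", match.group(0)).upper()
    return None

def authorize(peer_cert, inventory):
    """Chain validation proves 'a device signed by the CA'; this proves 'one of ours'."""
    mac = device_mac(peer_cert)
    return mac is not None and mac in inventory

# Constructed sample in the shape returned by SSLSocket.getpeercert(); not a real device.
SAMPLE_PEER_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "00:11:22:aa:bb:cc"),)),
}
INVENTORY = {"001122AABBCC"}   # MACs of the endpoints this server should accept

if __name__ == "__main__":
    print(device_mac(SAMPLE_PEER_CERT), authorize(SAMPLE_PEER_CERT, INVENTORY))
```

In a running server, `authorize()` would be called with `conn.getpeercert()` on each accepted connection before any provisioning data is served.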

Troubleshooting

If the TLS handshake is not completing, please send a packet capture to Algo support for analysis. To do that you will need to mirror the traffic from the port on the network switch that the Algo endpoint is connected to, back to a computer.

Algo Communication Products Ltd
4500 Beedie St Burnaby BC Canada V5J 5L2
