
Grandstream UCM6100 Security Manual User Manual


here so authenticity of their certificate can be verified. If the server uses a certificate that is signed by one of the larger CAs, you should install a copy of the server CA certificate here.

TLS Cert

This is used when the UCM6100 acts as a server. It is sent to the client during the TLS handshake. The TLS Cert should include the key and the server certificate. The “common name” field in the server certificate should match the server host (either IP or domain name). This is required if the client side is another UCM6100 (this is not a standard; some clients do not have this requirement for server authentication). If they do not match, authentication on the UCM6100 (client) fails and the TLS connection cannot be established.

TLS Do Not Verify

This is effective when the UCM6100 acts as a client. If set to “Yes”, the server’s certificate (sent to the client during the TLS handshake) won’t be verified. Consider two peered UCM6100s: the default certificate built into the UCM6100 at the factory has a “common name” equal to “localhost”, which is not a valid IP address, so authentication will fail for sure. “Yes” is therefore the default setting, to avoid authentication failure when using the default certificate. Please note that skipping verification has no effect on the encryption of SIP messages.

If set to “No”, the UCM6100 (client) will verify the server’s certificate using “TLS Self-Signed CA”.

Please note that the administrator also needs to configure “SIP Transport” to be “TLS” on the SIP endpoint device to encrypt SIP messages sent to the UCM6100.
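
The “common name” rule from the TLS Cert and TLS Do Not Verify entries can be checked before setting “TLS Do Not Verify” to “No” on a peer trunk. The following is an added example, not part of the Grandstream manual or firmware: it takes certificate fields in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the function names, the sample certificates and the name normalization (case, trailing dot, IP text form) are assumptions, since the manual does not spell out the exact comparison.

```python
import ipaddress

FACTORY_DEFAULT_CN = "localhost"  # per the manual: CN of the built-in certificate


def common_names(cert):
    """Return every commonName in a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def _normalize(name):
    """Canonical IP text for addresses; lowercase without trailing dot for names."""
    try:
        return str(ipaddress.ip_address(name.strip()))
    except ValueError:
        return name.strip().rstrip(".").lower()


def audit_peer(cert, configured_host):
    """Predict the outcome of verification with "TLS Do Not Verify" set to "No"."""
    names = common_names(cert)
    target = _normalize(configured_host)
    match = any(_normalize(cn) == target for cn in names)
    factory = any(_normalize(cn) == FACTORY_DEFAULT_CN for cn in names)
    if match:
        verdict = "ok: common name matches the configured host"
    elif factory:
        verdict = "fail: factory-default certificate (CN=localhost), replace the TLS Cert"
    else:
        verdict = "fail: common name %r does not match %r" % (names, configured_host)
    return {"match": match, "factory_default": factory, "verdict": verdict}


# Constructed sample certificates (not taken from a real device).
DEFAULT_CERT = {"subject": ((("organizationName", "Example"),),
                            (("commonName", "localhost"),))}
SITE_B_CERT = {"subject": ((("commonName", "PBX-B.example.com"),),)}
IP_CERT = {"subject": ((("commonName", "192.0.2.10"),),)}

if __name__ == "__main__":
    for cert, host in [(DEFAULT_CERT, "192.0.2.10"),
                       (SITE_B_CERT, "pbx-b.example.com"),
                       (IP_CERT, "192.0.2.10"),
                       (SITE_B_CERT, "192.0.2.10")]:
        print(host, "->", audit_peer(cert, host)["verdict"])
```

`getpeercert()` only returns these fields when the connection was made with certificate verification enabled, so load the peer's CA into the context before collecting them.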