When acting as a CBSD, the 7705 SAR-Hmc must complete TLS authentication in order to communicate with the SAS server. The 7705 SAR-Hmc supports TLS 1.2. For information about TLS, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide.
The operator must configure the client TLS profile using the config>system>security>tls>client-tls-profile and the config>port>cellular>cbsd-authorization>client-tls-profile command so that the CBSD can authenticate with the SAS server. The client TLS profile defines the cipher list, client certificate, and trust anchor that the node will use when communicating with the SAS server. For information about the client-tls-profile command and related parameters at the system security level, see the 7450 ESS, 7750 SR, 7950 XRS, and VSR Classic CLI Command Reference Guide.
For mutual authentication, the CBSD authenticates the SAS server and the SAS server authenticates the CBSD. During the TLS message exchange, the CBSD authenticates the SAS server using the procedures in RFC 2818, HTTP Over TLS. Server certificate validation is performed according to RFC 5280, Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile. If the CBSD cannot authenticate the server, the TLS connection establishment procedure is aborted. The CBSD reattempts the TLS connection every 60 s.
The CBSD sends its client certificate to the SAS server, where the SAS performs the client authentication based on RFC 5280. If the SAS server fails to authenticate the CBSD, the TLS connection is terminated.