Cisco Cisco Expressway 维护手册
l
The Username format field can contain a mixture of fixed text and the capture group names used in the
Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each
capture group name will be replaced with the text obtained from the regular expression processing.
Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each
capture group name will be replaced with the text obtained from the regular expression processing.
3. Click Check certificate.
The results of the test are shown in the
Certificate test results
section. The Resulting string item is the
username credential that would be checked against the relevant authorization mechanism to determine
that user's authorization (account access) level.
that user's authorization (account access) level.
4. If necessary, you can modify the Regex and Username format fields and repeat the test until the correct
results are produced.
Note that if the Certificate source is an uploaded PEM or plain text file, the selected file is temporarily
uploaded to the Expressway when the test is first performed:
Note that if the Certificate source is an uploaded PEM or plain text file, the selected file is temporarily
uploaded to the Expressway when the test is first performed:
l
if you want to keep testing different Regex and Username format combinations against the same file,
you do not have to reselect the file for every test
you do not have to reselect the file for every test
l
if you change the contents of your test file on your file system, or you want to choose a different file, you
must click Browse again and select the new or modified file to upload
must click Browse again and select the new or modified file to upload
5. If you have changed the Regex and Username format fields from their default values and want to use
these values in the Expressway's actual configuration (as specified on the
Certificate-based
authentication configuration
page) then click Make these settings permanent.
Note:
n
Any uploaded test file is automatically deleted from the Expressway at the end of your login session.
n
The regex is applied to a plain text version of an encoded certificate. The system uses the command
openssl x509 -text -nameopt RFC2253 -noout
openssl x509 -text -nameopt RFC2253 -noout
to extract the plain text certificate from its
encoded format.
Testing secure traversal
This utility tests whether a secure connection can be made from the Expressway-C to the Expressway-E. A
secure connection is required for a Unified Communications traversal zone, and is optional (recommended)
for a normal traversal zone.
secure connection is required for a Unified Communications traversal zone, and is optional (recommended)
for a normal traversal zone.
If the secure traversal test fails, the utility raises a warning with appropriate resolution where possible.
1. On the Expressway-C, go to
Maintenance > Security certificates > Secure traversal test
.
2. Enter the FQDN of the Expressway-E that is paired with this Expressway-C.
3. Enter the TLS verify name of this Expressway-C, as it appears on the paired Expressway-E.
This setting is in the SIP section of the Expressway-E's traversal zone configuration page.
4. Click Test connection.
The secure traversal test utility checks whether the hosts on either side of the traversal zone recognize
each other and trust each others' certificate chains.
each other and trust each others' certificate chains.
Cisco Expressway Administrator Guide (X8.5)
Page 229 of 394
Maintenance
About security certificates