Cisco Cisco Expressway 维护手册
for more information about how rich media session and TURN relay
option key licenses are shared across all peers in the cluster.
, for all option keys and associated PIDs.
Adding option keys using the web interface
To add an option key:
1.
In the Add option key field, enter the key that has been provided to you for the option you want to add.
2.
Click Add option.
The following option keys require that you restart the Expressway before the option key takes effect:
■
Traversal Server
■
Expressway Series
■
Advanced Account Security (if moved into FIPS mode)
When a restart is required, you receive an alarm on the web interface, which remains in place as a notification until
you restart the system. However, you can continue to use and configure the Expressway in the meantime.
you restart the system. However, you can continue to use and configure the Expressway in the meantime.
Adding option keys using the CLI
To return the indexes of all the option keys that are already installed on your system:
xStatus Options
To add a new option key to your system:
xConfiguration Option [1..64] Key
Note:
when using the CLI to add an extra option key, you can use any unused option index. If you chose an existing
option index, that option will be overwritten and the extra functionality provided by that option key will no longer exist.
To see which indexes are currently in use, type
To see which indexes are currently in use, type
xConfiguration option
.
About Security Certificates
For extra security, you may want to have the Expressway communicate with other systems (such as LDAP servers,
neighbor Expressways, or clients such as SIP endpoints and web browsers) using TLS encryption.
neighbor Expressways, or clients such as SIP endpoints and web browsers) using TLS encryption.
For this to work successfully in a connection between a client and server:
■
The server must have a certificate installed that verifies its identity. This certificate must be signed by a
Certificate Authority (CA).
Certificate Authority (CA).
■
The client must trust the CA that signed the certificate used by the server.
The Expressway allows you to install a certificate that can represent the Expressway as either a client or a server in
connections using TLS. The Expressway can also authenticate client connections (typically from a web browser) over
HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
connections using TLS. The Expressway can also authenticate client connections (typically from a web browser) over
HTTPS. You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
The Expressway can generate server certificate signing requests (CSRs). This removes the need to use an external
mechanism to generate certificate requests.
mechanism to generate certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the Expressway default certificate
with a certificate generated by a trusted certificate authority.
with a certificate generated by a trusted certificate authority.
Note that in connections:
■
to an endpoint, the Expressway acts as the TLS server
■
to an LDAP server, the Expressway is a client
257
Cisco Expressway Administrator Guide
Maintenance