Cisco Cisco TelePresence MCU 4510 Administrator's Guide
To enable OCSP checking for the MCU, do the following:
1. Ensure that an appropriate HTTPS trust store has been installed on the MCU (
Network > SSL
certificates
).
2. Go to
Network > Services
and enable both HTTP and HTTPS.
3. Go to
Settings > Security
and disable Redirect HTTP requests to HTTPS. This ensures that you can
fall back to HTTP if problems occur.
4. Go to
Network > SSL certificates
.
a. Scroll to the
Online certificate status protocol (OCSP)
section.
b. Set Certificate to check to HTTPS client certificates.
c. Enter the URL of the external OCSP server and set any options you require.
d. Click Apply changes.
c. Enter the URL of the external OCSP server and set any options you require.
d. Click Apply changes.
5. Now test that you are able to log in to the MCU over an HTTPS connection. Only proceed to the next step
if you can successfully log in.
6. Do one of the following, as appropriate for your configuration:
l
Go to
Network > Services
and disable HTTP.
l
Go to
Settings > Security
and enable Redirect HTTP requests to HTTPS.
Requiring certificate-only login (all connections)
To transition from password-based authentication to required certificate-based authentication for all
connection types, do the following:
connection types, do the following:
1. Ensure that an appropriate HTTPS trust store is installed on the MCU (
Network > SSL certificates
) and
that the web browser(s) to be used to access the MCU are configured with a valid client certificate.
2. Go to
Network > Services
and enable both HTTP and HTTPS.
3. Go to
Settings > Security
and disable Redirect HTTP requests to HTTPS (uncheck the check box).
This ensures that you can fall back to HTTP if problems occur.
4. Go to
Network > SSL certificates
:
a. Scroll to the
HTTPS trust store
section.
b. Set Client certificate security to Certificate-based authentication allowed.
Do NOT set Client certificate security to Certificate-based authentication required yet.
c. Click Apply changes.
5. Now test that you are able to log in to the MCU over an HTTPS connection using a certificate. Only
proceed to the next step if you can successfully log in with a certificate.
6. Assuming the previous step succeeded, go to the Client certificate security option again and this time
set it to Certificate-based authentication required.
7. Click Apply changes and confirm at the prompt.
It is now not possible to log in over HTTP. To log in over HTTPS requires a valid client certificate signed
by a certificate authority, which matches the HTTPS trust store on the MCU.
by a certificate authority, which matches the HTTPS trust store on the MCU.
8. Do one of the following, as appropriate for your configuration:
l
Go to
Network > Services
and disable HTTP.
l
Go to
Settings > Security
and enable Redirect HTTP requests to HTTPS.
Cisco TelePresence MCU Series Administrator Guide
Page 261 of 300
Advanced topics
Transitioning to certificate-based security