Cisco Cisco TelePresence MCU 4510 Maintenance Manual
■
The Encrypted SIP (TLS) checkbox on the Network > Services page should be checked, for either IPv4 or
IPv6, or both (depending on your requirements).
IPv6, or both (depending on your requirements).
■
The Use local certificate for outgoing connections and registrations checkbox should be checked if your
environment dictates that the SIP registrar must receive the MCU's certificate.
environment dictates that the SIP registrar must receive the MCU's certificate.
Caution:
A local certificate and private key are pre-installed on the MCU and are used by default for HTTPS access.
As all MCUs have identical default certificates and keys, to ensure security we recommend that you replace it with
your organization's own certificate and private key (see below).
your organization's own certificate and private key (see below).
Managing the Local Certificate
Uploading a Local Certificate and Private Key
1.
Go to Network > SSL certificates.
2.
Go to the Local certificate configuration section.
3.
Click Browse for the Certificate field to navigate to the certificate .pem file.
4.
Click Browse for the Private key field to navigate to the private key file that accompanies your certificate.
You must upload the certificate and its key simultaneously.
5.
In the Private key encryption password field, type the relevant password.
6.
Click Upload certificate and key.
The uploaded certificate overwrites the previously held certificate.
7.
Restart the MCU.
Deleting a Local Certificate and Private Key
1.
Go to the Local certificate section.
2.
Click Delete custom certificate and key.
3.
Restart the MCU.
Managing Trust Stores
A trust store is a collection of certificates from intermediate and root certificate authorities against which the MCU
can attempt to verify client certificates it receives.
can attempt to verify client certificates it receives.
The MCU can hold three trust store files - one for HTTPS connections, one for SIP TLS connections and one for Call
Home connections to verify the connection to the Smart Call Home server. When you upload a new trust store file, the
previously held file is overwritten.The MCU has a certificate pre-installed, however, it is possible to delete and upload
new certificates. You can also reset the certificate to default.’
Home connections to verify the connection to the Smart Call Home server. When you upload a new trust store file, the
previously held file is overwritten.The MCU has a certificate pre-installed, however, it is possible to delete and upload
new certificates. You can also reset the certificate to default.’
Putting Multiple CA Certificates in a Trust Store
1.
Open the first certificate in a text editor, and save it as yourfilename.pem.
2.
Open the next certificate in your text editor, and copy all the lines from
-----Begin Certificate-----
to
-----
End Certificate-----
(inclusive).
3.
Paste the text block at the end of yourfilename.pem.
Repeat this to copy as many certificate blocks into your .pem file as you need to, making sure not to modify
any of the pasted text.
any of the pasted text.
4.
Save the resulting file.
225
Cisco TelePresence MCU Series Online Printable Help