Cisco Cisco TelePresence MCU 4510 Maintenance Manual
4.
Go to Network > SSL certificates.
a.
Scroll to the HTTPS trust store section.
b.
Set Client certificate security to Verify certificate (to have client certificate validation but no certificate
login) or Certificate-based authentication allowed (to have client certificate validation and to allow
certificate-based login).
login) or Certificate-based authentication allowed (to have client certificate validation and to allow
certificate-based login).
c.
Click Apply changes.
5.
Now test that you are able to log in to the MCU over an HTTPS connection.
a.
First verify that you can log in using the standard password login mechanism.
b.
If you specified Certificate-based authentication allowed in the previous step, also verify that certificate-
based login is working as expected. This step is recommended, although strictly not essential as
Certificate-based authentication allowed mode still allows password login if certificate login fails.
based login is working as expected. This step is recommended, although strictly not essential as
Certificate-based authentication allowed mode still allows password login if certificate login fails.
Note:
Provided that this procedure is successful, you can now disable HTTP (Network > Services) or enable
redirection from HTTP to HTTPS (Settings > Security) if either are required by your configuration.
Enabling OCSP Checking
Caution:
The MCU will only perform OCSP checking if client certificate security mode is enabled. To do this go to
Network > SSL certificates and set the Client certificate security option. When you first enable OCSP checking, set
Client certificate security to one of the 'lesser' modes (Verify certificate or Certificate-based authentication
allowed). If you want to set it to Certificate-based authentication required, only do so after you have completed the
procedure for
Client certificate security to one of the 'lesser' modes (Verify certificate or Certificate-based authentication
allowed). If you want to set it to Certificate-based authentication required, only do so after you have completed the
procedure for
and you are certain that OCSP checking is working
correctly.
To enable OCSP checking for the MCU, do the following:
1.
Ensure that an appropriate HTTPS trust store has been installed on the MCU (Network > SSL certificates).
2.
Go to Network > Services and enable both HTTP and HTTPS.
3.
Go to Settings > Security and disableRedirect HTTP requests to HTTPS. This ensures that you can fall back
to HTTP if problems occur.
to HTTP if problems occur.
4.
Go to Network > SSL certificates.
a.
Scroll to the Online certificate status protocol (OCSP) section.
b.
Set Certificate to check to HTTPS client certificates.
c.
Enter the URL of the external OCSP server and set any options you require.
d.
Click Apply changes.
5.
Now test that you are able to log in to the MCU over an HTTPS connection. Only proceed to the next step if you
can successfully log in.
can successfully log in.
6.
Do one of the following, as appropriate for your configuration:
—
Go to Network > Services and disable HTTP.
—
Go to Settings > Security and enable Redirect HTTP requests to HTTPS.
Requiring Certificate-Only Login (All Connections)
To transition from password-based authentication to required certificate-based authentication for all connection
types, do the following:
types, do the following:
1.
Ensure that an appropriate HTTPS trust store is installed on the MCU (Network > SSL certificates) and that the
web browser(s) to be used to access the MCU are configured with a valid client certificate.
web browser(s) to be used to access the MCU are configured with a valid client certificate.
2.
Go to Network > Services and enable both HTTP and HTTPS.
3.
Go to Settings > Security and disableRedirect HTTP requests to HTTPS (uncheck the check box). This
ensures that you can fall back to HTTP if problems occur.
ensures that you can fall back to HTTP if problems occur.
231
Cisco TelePresence MCU Series Online Printable Help