Cisco Cisco TelePresence Video Communication Server Expressway Maintenance Manual
5.
You are returned to the Server certificate page. From here you can:
—
Download the request to your local file system so that it can be sent to a certificate authority. You are
prompted to save the file (the exact wording depends on your browser).
prompted to save the file (the exact wording depends on your browser).
—
View the current request (click Show (decoded) to view it in a human-readable form, or click Show (PEM
file) to view the file in its raw format).
file) to view the file in its raw format).
Note:
■
Only one signing request can be in progress at any one time. This is because the VCS has to keep track of the
private key file associated with the current request. To discard the current request and start a new request,
click Discard CSR.
private key file associated with the current request. To discard the current request and start a new request,
click Discard CSR.
■
From version X8.5.1 the user interface provides an option to set the Digest algorithm. The default is set to
SHA-256, with options to change to SHA-1, SHA-384, or SHA-512.
SHA-256, with options to change to SHA-1, SHA-384, or SHA-512.
■
The certificate signing request storage location changed in X8.
When you generate a CSR in X7, the application puts csr.pem and privkey_csr.pem into
/tandberg/persistent/certs.
/tandberg/persistent/certs.
When you generate a CSR in X8, the application puts csr.pem and privkey.pem into
/tandberg/persistent/certs/generated_csr.
/tandberg/persistent/certs/generated_csr.
If you want to upgrade from X7 and have an unsubmitted CSR, then we recommend discarding the CSR before
upgrade, and then regenerating the CSR after upgrade.
upgrade, and then regenerating the CSR after upgrade.
Uploading a new server certificate
When the signed server certificate is received back from the certificate authority it must be uploaded to the VCS.
The Upload new certificate section is used to replace the VCS's current server certificate with a new certificate.
To upload a server certificate:
1.
Go to Maintenance > Security certificates > Server certificate.
2.
Use the Browse button in the Upload new certificate section to select and upload the server certificate PEM
file.
file.
3.
If you used an external system to generate the Certificate Signing Request (CSR) you must also upload the
server private key PEM file that was used to encrypt the server certificate. (The private key file will have been
automatically generated and stored earlier if the VCS was used to produce the CSR for this server certificate.)
server private key PEM file that was used to encrypt the server certificate. (The private key file will have been
automatically generated and stored earlier if the VCS was used to produce the CSR for this server certificate.)
—
The server private key PEM file must not be password protected.
—
You cannot upload a server private key if a certificate signing request is in progress.
4.
Click Upload server certificate data.
Server Certificates and Clustered Systems
When a CSR is generated, a single request and private key combination is generated for that peer only.
If you have a cluster of VCSs, you must generate a separate signing request on each peer. Those requests must then
be sent to the certificate authority and the returned server certificates uploaded to each relevant peer.
be sent to the certificate authority and the returned server certificates uploaded to each relevant peer.
You must ensure that the correct server certificate is uploaded to the appropriate peer, otherwise the stored private
key on each peer will not correspond to the uploaded certificate.
key on each peer will not correspond to the uploaded certificate.
Server Certificates and Unified Communications
VCS Control server certificate requirements
The VCS Control server certificate needs to include the following elements in its list of subject alternate names:
284
Cisco TelePresence Video Communication Server Administrator Guide