Cisco Cisco Unified IP Interactive Voice Response (IVR) 8.0(1) Administrator's Guide
6-7
Cisco Unified Communications Operating System Administration Guide for Cisco Unifed CCX Release 8.0(1)
Chapter 6 Security
Manage Certificates
CAPF and Cisco Unified CCX CSRs include extensions that you must include in your request for an
application certificate from the CA. If your CA does not support the ExtensionRequest mechanism, you
must enable the X.509 extensions, as follows:
application certificate from the CA. If your CA does not support the ExtensionRequest mechanism, you
must enable the X.509 extensions, as follows:
•
The CAPF CSR uses the following extensions:
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Certificate Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, IPSec End System
•
The CSRs for Cisco Unified CCX , Tomcat, and IPSec use the following extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, IPSec End System
Upload the CA root certificate of the CA that signed an application certificate. If a subordinate CA signs
an application certificate, you must upload the CA root certificate of the subordinate CA, not the root
CA.
an application certificate, you must upload the CA root certificate of the subordinate CA, not the root
CA.
You upload CA root certificates and application certificates by using the same Upload Certificate dialog
box. When you upload a CA root certificate, choose the certificate name with the format certificate
type-trust. When you upload an application certificate, choose the certificate name that only includes
the certificate type. For example, choose tomcat-trust when you upload a Tomcat CA root certificate;
choose tomcat when you upload a Tomcat application certificate.
box. When you upload a CA root certificate, choose the certificate name with the format certificate
type-trust. When you upload an application certificate, choose the certificate name that only includes
the certificate type. For example, choose tomcat-trust when you upload a Tomcat CA root certificate;
choose tomcat when you upload a Tomcat application certificate.
When you upload a CAPF CA root certificate, it gets copied to the Unified CCX-trust store, so you do
not need to upload the CA root certificate for Unified CCX separately.
not need to upload the CA root certificate for Unified CCX separately.
Monitor Certificate Expiration Dates
The system can automatically send you an e-mail when a certificate is close to its expiration date. To
view and configure the Certificate Expiration Monitor, follow this procedure:
view and configure the Certificate Expiration Monitor, follow this procedure:
Procedure
Step 1
To view the current Certificate Expiration Monitor configuration, navigate to Security > Certificate
Monitor.
Monitor.
The Certificate Monitor window displays.
Step 2
Enter the required configuration information. See
for a description of the Certificate Monitor
Expiration fields.
Step 3
To save your changes, click Save.