Cisco Cisco TelePresence Video Communication Server Expressway
Managing the trusted CA certificate list
The Trusted CA certificate page (Maintenance > Security certificates > Trusted CA certificate) allows you to manage
the list of certificates for the Certificate Authorities (CAs) trusted by this VCS. When a TLS connection to VCS mandates
certificate verification, the certificate presented to the VCS must be signed by a trusted CA in this list and there must be a
full chain of trust (intermediate CAs) to the root CA.
the list of certificates for the Certificate Authorities (CAs) trusted by this VCS. When a TLS connection to VCS mandates
certificate verification, the certificate presented to the VCS must be signed by a trusted CA in this list and there must be a
full chain of trust (intermediate CAs) to the root CA.
■
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click Append
CA certificate. This will append any new certificates to the existing list of CA certificates. If you are replacing
existing certificates for a particular issuer and subject, you have to manually delete the previous certificates.
CA certificate. This will append any new certificates to the existing list of CA certificates. If you are replacing
existing certificates for a particular issuer and subject, you have to manually delete the previous certificates.
■
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA certificates,
click Reset to default CA certificate.
click Reset to default CA certificate.
■
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a human-
readable form, or click Show all (PEM file) to view the file in its raw format.
readable form, or click Show all (PEM file) to view the file in its raw format.
■
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA certificate.
■
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click Delete.
Managing Certificate Revocation Lists (CRLs)
Certificate revocation list (CRL) files are used by the VCS to validate certificates presented by client browsers and
external systems that communicate with the VCS over TLS/HTTPS. A CRL identifies those certificates that have been
revoked and can no longer be used to communicate with the VCS.
external systems that communicate with the VCS over TLS/HTTPS. A CRL identifies those certificates that have been
revoked and can no longer be used to communicate with the VCS.
11
Cisco VCS Certificate Creation and Use Deployment Guide