Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 2: Additional Information
Certificates for TLS
For the VCS to connect to the LDAP server over TLS, it must have a root CA certificate loaded that authorizes the
LDAP server’s server certificate.
LDAP server’s server certificate.
In large organizations the IT department will be able to provide relevant certificate information. Details on how to
process the supplied certificate, and how to create the root CA certificate using an OCS server are described in
process the supplied certificate, and how to create the root CA certificate using an OCS server are described in
.
If a root CA certificate is already loaded that is required for other purposes, this new root CA certificate should be
concatenated with the other root CA certificate (Trusted CA certificate) and the single file containing the two
certificates uploaded to VCS.
concatenated with the other root CA certificate (Trusted CA certificate) and the single file containing the two
certificates uploaded to VCS.
Note that the server address entered on the LDAP configuration page on the VCS must match the CN (common
name) contained within the certificate presented by the LDAP server.
name) contained within the certificate presented by the LDAP server.
Use with VCS Clusters
All LDAP configuration is replicated across cluster peers, however the DNS server is configurable independently on
each VCS peer. Make sure each peer references a DNS server that can lookup the LDAP server and (if SASL is
enabled) can perform a reverse lookup of the LDAP server IP address.
each VCS peer. Make sure each peer references a DNS server that can lookup the LDAP server and (if SASL is
enabled) can perform a reverse lookup of the LDAP server IP address.
12
Authenticating Cisco VCS Accounts Using LDAP Deployment Guide