Cisco Cisco TelePresence Video Communication Server Expressway
The VCS allows you to install a certificate that can represent the VCS as either a client or a server in connections
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can
also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can
also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.
The VCS can generate server certificate signing requests (CSRs). This removes the need to use an external
mechanism to generate certificate requests.
mechanism to generate certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the VCS default certificate with a
certificate generated by a trusted certificate authority.
certificate generated by a trusted certificate authority.
Note that in connections:
■
to an endpoint, the VCS acts as the TLS server
■
to an LDAP server, the VCS is a client
■
between two VCS systems, either VCS may be the client with the other VCS being the TLS server
■
via HTTPS, the web browser is the client and the VCS is the server
TLS can be difficult to configure. For example, when using it with an LDAP server we recommend that you confirm the
system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
Note:
Be careful not to allow your CA certificates or CRLs to expire. This may cause certificates signed by those CAs
to be rejected.
To load the trusted CA list, go to Maintenance > Security certificates > Trusted CA certificate.
To generate a CSR and/or upload the VCS's server certificate, go to Maintenance > Security certificates > Server
certificate.
certificate.
Task 6: Configuring NTP Servers
The NTP server address fields set the IP addresses or Fully Qualified Domain Names (FQDNs) of the NTP servers to
be used to synchronize system time. The Time zone sets the local time zone of the VCS.
be used to synchronize system time. The Time zone sets the local time zone of the VCS.
To configure the NTP server address and time zone:
1.
Go to System > Time.
2.
Configure the fields as follows:
NTP server 1
Enter
10.0.0.21
Time zone
GMT in this example
3.
Click Save.
16
Cisco Single VCS Control - Basic Configuration Deployment Guide
VCS System Configuration