Cisco Cisco TelePresence Video Communication Server Expressway
2.
Select Download a CA certificate, certificate chain or CRL.
3.
Select Base 64.
4.
Select Download CA certificate.
5.
Choose Save File and click OK.
6.
Rename certnew.cer to certnew.pem.
Files server.pem and certnew.pem are now available.
certnew.pem to VCS.
Loading Certificates and Keys Onto VCS
The VCS uses standard X.509 certificates. The certificate information must be supplied to the VCS in PEM format.
Typically 3 elements are loaded:
Typically 3 elements are loaded:
■
The server certificate (which is generated by the certificate authority, identifying the ID of the certificate
holder, and should be able to act as both a client and server certificate).
holder, and should be able to act as both a client and server certificate).
■
The private key (used to sign data sent to the client, and decrypt data sent from the client, encrypted with the
public key in the server certificate). This must only be kept on the VCS and backed up in a safe place –
security of the TLS communications relies upon this being kept secret.
public key in the server certificate). This must only be kept on the VCS and backed up in a safe place –
security of the TLS communications relies upon this being kept secret.
■
A list of certificates of trusted certificate authorities.
Note
: New installations of VCS software (from X8.1 onwards) ship with a temporary trusted CA, and a server
certificate issued by that temporary CA. We strongly recommend that you replace the server certificate with one
generated by a trusted certificate authority, and that you install CA certificates for the authorities that you trust.
generated by a trusted certificate authority, and that you install CA certificates for the authorities that you trust.
13
Cisco VCS Certificate Creation and Use Deployment Guide
Loading Certificates and Keys Onto VCS