Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
When a restart is required, you receive an alarm on the web interface, which remains in place as a notification until
you restart the system. However, you can continue to use and configure the VCS in the meantime.
you restart the system. However, you can continue to use and configure the VCS in the meantime.
Adding option keys using the CLI
To return the indexes of all the option keys that are already installed on your system:
xStatus Options
To add a new option key to your system:
xConfiguration Option [1..64] Key
Note:
when using the CLI to add an extra option key, you can use any unused option index. If you chose an existing
option index, that option will be overwritten and the extra functionality provided by that option key will no longer exist.
To see which indexes are currently in use, type
To see which indexes are currently in use, type
xConfiguration option
.
About Security Certificates
For extra security, you may want to have the VCS communicate with other systems (such as LDAP servers, neighbor
VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
For this to work successfully in a connection between a client and server:
■
The server must have a certificate installed that verifies its identity. This certificate must be signed by a
Certificate Authority (CA).
Certificate Authority (CA).
■
The client must trust the CA that signed the certificate used by the server.
The VCS allows you to install a certificate that can represent the VCS as either a client or a server in connections
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can
also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS. You can
also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS client certificates.
The VCS can generate server certificate signing requests (CSRs). This removes the need to use an external
mechanism to generate certificate requests.
mechanism to generate certificate requests.
For secure communications (HTTPS and SIP/TLS) we recommend that you replace the VCS default certificate with a
certificate generated by a trusted certificate authority.
certificate generated by a trusted certificate authority.
Note that in connections:
■
to an endpoint, the VCS acts as the TLS server
■
to an LDAP server, the VCS is a client
■
between two VCS systems, either VCS may be the client with the other VCS being the TLS server
■
via HTTPS, the web browser is the client and the VCS is the server
TLS can be difficult to configure. For example, when using it with an LDAP server we recommend that you confirm
the system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
the system is working correctly over TCP before attempting to secure the connection with TLS. We also recommend
using a third party LDAP browser to verify that your LDAP server is correctly configured for TLS.
Note:
Be careful not to allow your CA certificates or CRLs to expire. This may cause certificates signed by those CAs
to be rejected.
Certificate and CRL files can only be managed via the web interface. They cannot be installed using the CLI.
for
.
Managing the Trusted CA Certificate List
The Trusted CA certificate page (Maintenance > Security certificates > Trusted CA certificate) allows you to
manage the list of certificates for the Certificate Authorities (CAs) trusted by this VCS. When a TLS connection to
manage the list of certificates for the Certificate Authorities (CAs) trusted by this VCS. When a TLS connection to
304
Cisco TelePresence Video Communication Server Administrator Guide
Maintenance