Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Obtaining the Username from the Certificate
The username is extracted from the client browser's certificate according to the patterns defined in the Regex and
Username format fields on the Certificate-based authentication configuration page:
Username format fields on the Certificate-based authentication configuration page:
■
In the Regex field, use the
(?<name>regex)
syntax to supply names for capture groups so that matching sub-
patterns can be substituted in the associated Username format field, for example,
/(Subject:.*, CN=(?<Group1>.*))/m
.
.
■
The Username format field can contain a mixture of fixed text and the capture group names used in the
Regex. Delimit each capture group name with
Regex. Delimit each capture group name with
#
, for example,
prefix#Group1#suffix
. Each capture group
name will be replaced with the text obtained from the regular expression processing.
page to test the outcome of applying different Regex and Username
format combinations to a certificate.
Testing Client Certificates
The Client certificate testing page (Maintenance > Security certificates > Client certificate testing) is used to
check client certificates before enabling
check client certificates before enabling
. You can:
■
Test whether a client certificate is valid when checked against the VCS's current trusted CA list and, if
loaded, the revocation list (see
loaded, the revocation list (see
).
■
Test the outcome of applying the regex and template patterns that retrieve a certificate's authorization
credentials (the username).
credentials (the username).
You can test against:
■
a certificate on your local file system
■
the browser's currently loaded certificate
To test if a certificate is valid:
1.
Select the Certificate source. You can choose to:
—
upload a test file from your file system in either PEM or plain text format; if so click Browse to select the
certificate file you want to test
certificate file you want to test
—
test against the certificate currently loaded into your browser (only available if the system is already
configured to use Certificate validation and a certificate is currently loaded)
configured to use Certificate validation and a certificate is currently loaded)
2.
Ignore the Certificate-based authentication pattern section - this is only relevant if you are extracting
authorization credentials from the certificate.
authorization credentials from the certificate.
3.
Click Check certificate.
4.
The results of the test are shown in the Certificate test results section.
290
Cisco TelePresence Video Communication Server Administrator Guide