Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Certificate Revocation Checking Modes
This section controls the certificate revocation checking modes for SIP TLS connections. The configurable options
are:
are:
Field
Description
Usage tips
Certificate
revocation
checking
mode
revocation
checking
mode
Controls whether revocation checking is performed for
certificates exchanged during SIP TLS connection
establishment.
certificates exchanged during SIP TLS connection
establishment.
We recommend that revocation
checking is enabled.
checking is enabled.
Use OCSP
Controls whether the Online Certificate Status Protocol
(OCSP) may be used to perform certificate revocation
checking.
(OCSP) may be used to perform certificate revocation
checking.
To use OCSP, the X.509 certificate
to be checked must contain an
OCSP responder URI.
to be checked must contain an
OCSP responder URI.
Use CRLs
Controls whether Certificate Revocation Lists (CRLs) are
used to perform certificate revocation checking.
used to perform certificate revocation checking.
CRLs can be used if the certificate
does not support OCSP.
does not support OCSP.
CRLs can be loaded manually onto
the VCS, downloaded automatically
from preconfigured URIs (see
the VCS, downloaded automatically
from preconfigured URIs (see
), or
downloaded automatically from a
CRL distribution point (CDP) URI
contained in the X.509 certificate.
CRL distribution point (CDP) URI
contained in the X.509 certificate.
Allow CRL
downloads
from CDPs
downloads
from CDPs
Controls whether the download of CRLs from the CDP URIs
contained in X.509 certificates is allowed.
contained in X.509 certificates is allowed.
Fallback
behavior
behavior
Controls the revocation checking behavior if the revocation
status cannot be established, for example if the revocation
source cannot be contacted.
status cannot be established, for example if the revocation
source cannot be contacted.
Treat as revoked: treat the certificate as revoked (and thus
do not allow the TLS connection).
do not allow the TLS connection).
Treat as not revoked: treat the certificate as not revoked.
Default: Treat as not revoked
Treat as not revoked ensures that
your system continues to operate in
a normal manner if the revocation
source cannot be contacted,
however it does potentially mean
that revoked certificates will be
accepted.
your system continues to operate in
a normal manner if the revocation
source cannot be contacted,
however it does potentially mean
that revoked certificates will be
accepted.
Registration Controls
This section contains the registration controls for standard and outbound SIP registrations. The configurable options
are:
are:
94
Cisco TelePresence Video Communication Server Administrator Guide