Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
■
To upload a new file containing one or more CA certificates, Browse to the required PEM file and click
Append CA certificate. This will append any new certificates to the existing list of CA certificates. If you are
replacing existing certificates for a particular issuer and subject, you have to manually delete the previous
certificates.
Append CA certificate. This will append any new certificates to the existing list of CA certificates. If you are
replacing existing certificates for a particular issuer and subject, you have to manually delete the previous
certificates.
■
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA certificates,
click Reset to default CA certificate.
click Reset to default CA certificate.
■
To view the entire list of currently uploaded trusted CA certificates, click Show all (decoded) to view it in a
human-readable form, or click Show all (PEM file) to view the file in its raw format.
human-readable form, or click Show all (PEM file) to view the file in its raw format.
■
To view an individual trusted CA certificate, click on View (decoded) in the row for the specific CA certificate.
■
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click Delete.
Note:
(for account authentication), you must add the PEM encoded CRL data to your trusted CA certificate file.
Managing the VCS's Server Certificate
The Server certificate page (Maintenance > Security certificates > Server certificate) is used to manage the VCS's
server certificate. This certificate is used to identify the VCS when it communicates with client systems using TLS
encryption, and with web browsers over HTTPS. You can:
server certificate. This certificate is used to identify the VCS when it communicates with client systems using TLS
encryption, and with web browsers over HTTPS. You can:
■
view details about the currently loaded certificate
■
generate a certificate signing request
■
upload a new server certificate
Note:
We highly recommend using certificates based on RSA keys. Other types of certificate, such as those
based on DSA keys, are not tested and may not work with the VCS in all scenarios.
Viewing the currently uploaded certificate
The Server certificate data section shows information about the server certificate currently loaded on the VCS.
■
To view the currently uploaded server certificate file, click Show (decoded) to view it in a human-readable
form, or click Show (PEM file) to view the file in its raw format.
Note that if a certificate contains SRV-ID or XMPP-ID formatted entries, when that certificate is viewed those
entries will show as '<unsupported>'. That does not mean the certificate is invalid, but that the openssl code
does not know how to display those identifiers.
form, or click Show (PEM file) to view the file in its raw format.
Note that if a certificate contains SRV-ID or XMPP-ID formatted entries, when that certificate is viewed those
entries will show as '<unsupported>'. That does not mean the certificate is invalid, but that the openssl code
does not know how to display those identifiers.
■
To replace the currently uploaded server certificate with the VCS's original certificate, click Reset to default
server certificate.
server certificate.
Note:
Do not allow your server certificate to expire as this may cause other external systems to reject your certificate
and prevent the VCS from being able to connect to those systems.
Generating a certificate signing request (CSR)
The VCS can generate server certificate signing requests. This removes the need to use an external mechanism to
generate and obtain certificate requests.
generate and obtain certificate requests.
To generate a CSR:
1.
Go to Maintenance > Security certificates > Server certificate.
2.
Click Generate CSR to go to the Generate CSR page.
298
Cisco TelePresence Video Communication Server Administrator Guide
Maintenance