Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Cisco VCS Administrator Guide (X7.2)
Page 279 of 498
Note: if you have enabled certificate revocation list (CRL) checking for TLS encrypted
(for account authentication), you must add the PEM encoded CRL data to your trusted CA
certificate file.
Managing the VCS's server certificate
The
Server certificate
page (
Maintenance > Certificate management > Server certificate
) is used to
manage the VCS's server certificate. This certificate is used to identify the VCS when it communicates with
client systems using TLS encryption, and with web browsers over HTTPS. You can:
client systems using TLS encryption, and with web browsers over HTTPS. You can:
n
view details about the currently loaded certificate
n
generate a certificate signing request
n
upload a new server certificate
Viewing the currently uploaded certificate
The Server certificate data section shows information about the server certificate currently loaded on the
VCS.
VCS.
n
To view the currently uploaded server certificate file, click Show server certificate.
n
To replace the currently uploaded server certificate with the VCS's default certificate, click Reset to
default server certificate.
default server certificate.
Note: do not allow your server certificate to expire as this may cause other external systems to reject your
certificate and prevent the VCS from being able to connect to those systems.
certificate and prevent the VCS from being able to connect to those systems.
Generating a certificate signing request (CSR)
The VCS can generate server certificate signing requests. This removes the need to use an external
mechanism to generate and obtain certificate requests.
mechanism to generate and obtain certificate requests.
To generate a CSR:
1. Click Generate CSR to go to the
Generate CSR
page.
2. Enter the required properties for the certificate.
l
See
below if your VCS is part of a cluster.
l
The certificate request includes automatically the client and server authentication Enhanced Key
Usage (EKU) extension.
Usage (EKU) extension.
3. Click Generate CSR. The system will produce a signing request and an associated private key.
Note that the private key is stored securely on the VCS and cannot be viewed or downloaded.
4. You are returned to the
Server certificate
page. From here you can:
l
Download the request to your local file system so that it can be sent to a certificate authority. You are
prompted to save the file (the exact wording depends on your browser).
prompted to save the file (the exact wording depends on your browser).
l
View the current request.
When the signed server certificate is received back from the certificate authority it must be uploaded to the
VCS as described below.
VCS as described below.