Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Cisco VCS Administrator Guide (X7.1)
Page 265 of 479
About security certificates
For extra security, you may want to have the VCS communicate with other systems (such as LDAP servers,
neighbor VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
neighbor VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
For this to work successfully in a connection between a client and server:
n
The server must have a certificate installed that verifies its identity. This certificate must be signed by a
Certificate Authority (CA).
Certificate Authority (CA).
n
The client must trust the CA that signed the certificate used by the server.
The VCS allows you to install appropriate files so that it can act as either a client or a server in connections
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS.
You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS.
You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
n
For an endpoint to VCS connection, the VCS acts as the TLS server.
n
For a VCS to LDAP server connection, the VCS is a client.
n
For a VCS to VCS connection either VCS may be the client with the other VCS being the TLS server.
n
For HTTPS connections the web browser is the client and the VCS is the server.
TLS can be difficult to configure. For example, when using it with an LDAP server it is recommended that you
confirm that your system is working correctly before you attempt to secure the connection with TLS. You are
also recommended to use a third party LDAP browser to verify that your LDAP server is correctly configured
to use TLS.
confirm that your system is working correctly before you attempt to secure the connection with TLS. You are
also recommended to use a third party LDAP browser to verify that your LDAP server is correctly configured
to use TLS.
Note: be careful not to allow your CA certificates or CRLs to expire as this may cause certificates signed by
those CAs to be rejected.
those CAs to be rejected.
See
for instructions about how to install certificates. For further information,
see
Managing security certificates
The
Security certificates
page (
Maintenance > Certificate management > Security certificates
) is used
to manage the
used by the VCS when acting as either a client or a server in connections
using TLS, and when authenticating client connections over HTTPS.
Note: certificate and CRL files can only be managed via the web interface. They cannot be installed using
the CLI.
the CLI.
Trusted CA certificate
The Trusted CA certificate section manages the list of certificates for the Certificate Authorities (CAs)
trusted by this VCS. Certificates presented to the VCS must be signed by a trusted CA on this list and there
must be a full chain of trust to the root CA.
trusted by this VCS. Certificates presented to the VCS must be signed by a trusted CA on this list and there
must be a full chain of trust to the root CA.
To upload a new file of CA certificates, Browse to the required PEM file and click Upload CA certificate.
This will replace any previously uploaded CA certificates.
This will replace any previously uploaded CA certificates.