Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Cisco VCS Administrator Guide (X7.1)
Page 266 of 479
Note: if you have enabled certificate revocation list (CRL) checking for TLS encrypted
(for account authentication), you must add the PEM encoded CRL data to your trusted CA
certificate file.
n
Click Reset to default CA certificate to replace the currently uploaded file with a default list of trusted CA
certificates.
certificates.
n
Click Show CA certificate to view the currently uploaded file.
Server certificate data
The Server certificate data section is used to upload the VCS's server certificate. This certificate is used to
identify the VCS when it communicates with client systems using TLS encryption, and with web browsers
over HTTPS.
identify the VCS when it communicates with client systems using TLS encryption, and with web browsers
over HTTPS.
n
Use the Browse buttons to select the server certificate PEM file and the server private key PEM file that
is used to encrypt it. After selecting both files, click Upload server certificate data. Note that the private
key must not be password protected.
is used to encrypt it. After selecting both files, click Upload server certificate data. Note that the private
key must not be password protected.
n
Click Reset to default server certificate to replace the currently uploaded server certificate with the
VCS's factory default certificate.
VCS's factory default certificate.
n
Click Show server certificate to view the currently uploaded server certificate file in PEM format.
Note that the VCS stores only one server certificate file. If you have multiple certificates you must first
concatenate them into a single file before uploading them to the VCS.
concatenate them into a single file before uploading them to the VCS.
CRL management
The
CRL management
page (
Maintenance > Certificate management > CRL management
) is used to
configure whether the VCS uses certificate revocation lists (CRLs) when validating security certificates, and
if so, from where it obtains the CRLs.
if so, from where it obtains the CRLs.
CRL files are used by the VCS to validate certificates presented by client browsers and external policy
servers that communicate with the VCS over HTTPS.
servers that communicate with the VCS over HTTPS.
You are recommended to upload CRL data for the CAs that sign HTTPS client and server certificates. A CRL
identifies those certificates that have been revoked and can no longer be used to communicate with the VCS.
When enabled, CRL checking is applied for every CA in the chain of trust.
identifies those certificates that have been revoked and can no longer be used to communicate with the VCS.
When enabled, CRL checking is applied for every CA in the chain of trust.
n
You can use the
page to test whether or not a certificate is valid.
n
Note that CRL data uploaded here is not used to validate TLS connections with an LDAP server for remote
login account authentication. CRL data for this purpose must be contained within the Trusted CA
certificate file.
login account authentication. CRL data for this purpose must be contained within the Trusted CA
certificate file.
Manual CRL updates
CRL files can be manually uploaded to the VCS.
To upload a CRL file:
1. Click Browse and select the required file from your file system. The CRL file must be in PEM encoded
format.