Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Cisco VCS Administrator Guide (X7.0)
Page 271 of 488
To upload a new file of CA certificates, Browse to the required PEM file and click Upload CA
certificate. This will replace any previously uploaded CA certificates.
certificate. This will replace any previously uploaded CA certificates.
Note: if you have enabled certificate revocation list (CRL) checking for TLS encrypted
(for account authentication), you must add the PEM encoded CRL data to your trusted CA
certificate file.
n
Click Reset to default CA certificate to replace the currently uploaded file with a default list of trusted
CA certificates.
CA certificates.
n
Click Show CA certificate to view the currently uploaded file.
Server certificate data
The Server certificate data section is used to upload the VCS's server certificate. This certificate is
used to identify the VCS when it communicates with client systems using TLS encryption, and with web
browsers over HTTPS.
used to identify the VCS when it communicates with client systems using TLS encryption, and with web
browsers over HTTPS.
n
Use the Browse buttons to select the server certificate PEM file and the server private key PEM file
that is used to encrypt it. After selecting both files, click Upload server certificate data. Note that the
private key must not be password protected.
that is used to encrypt it. After selecting both files, click Upload server certificate data. Note that the
private key must not be password protected.
n
Click Reset to default server certificate to replace the currently uploaded server certificate with the
VCS's factory default certificate.
VCS's factory default certificate.
n
Click Show server certificate to view the currently uploaded server certificate file in PEM format.
Note that the VCS stores only one server certificate file. If you have multiple certificates you must first
concatenate them into a single file before uploading them to the VCS.
concatenate them into a single file before uploading them to the VCS.
CRL management
The
CRL management
page (
Maintenance > Certificate management > CRL management
) is used
to configure whether the VCS uses certificate revocation lists (CRLs) when validating security
certificates, and if so, from where it obtains the CRLs.
certificates, and if so, from where it obtains the CRLs.
You are recommended to upload CRL data for the CAs that sign HTTPS client and server certificates. A
CRL identifies those certificates that have been revoked and can no longer be used to communicate with
the VCS. When enabled, CRL checking is applied for every CA in the chain of trust.
CRL identifies those certificates that have been revoked and can no longer be used to communicate with
the VCS. When enabled, CRL checking is applied for every CA in the chain of trust.
Note: the VCS can use a combination of manually and automatically uploaded files to perform its CRL
checking. The following sections explain which files are used in which circumstances.
checking. The following sections explain which files are used in which circumstances.
Manual CRL updates
CRL files can be manually uploaded to the VCS. Manually uploaded CRL files are used for certificate
validation in the following areas:
validation in the following areas:
n
when client browsers communicate with the VCS over HTTPS — unless automatic updates have been
enabled, in which case the automatically uploaded CRL files are used instead
enabled, in which case the automatically uploaded CRL files are used instead
n
by the VCS when communicating with external policy services
n
by the
page