Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Managing security certificates
The Security certificates page (
Maintenance > Security certificates
) is used to manage the
used by the Cisco VCS when acting as either a client or a server in connections
using TLS, and when authenticating client connections over HTTPS.
Note: certificate and certificate revocation list (CRL) files can only be loaded via the web interface.
They cannot be installed using the CLI.
They cannot be installed using the CLI.
Trusted CA certificate
The Trusted CA certificate section manages the list of certificates for the Certificate Authorities
(CAs) trusted by this Cisco VCS. Certificates presented to the Cisco VCS must be signed by a
trusted CA on this list and there must be a full chain of trust to the root CA.
(CAs) trusted by this Cisco VCS. Certificates presented to the Cisco VCS must be signed by a
trusted CA on this list and there must be a full chain of trust to the root CA.
To upload a new file of CA certificates, Browse to the required PEM file and click Upload CA
certificate. This will replace any previously uploaded CA certificates.
certificate. This will replace any previously uploaded CA certificates.
Note: if you have enabled certificate revocation list (CRL) checking for TLS encrypted
(for account authentication), you must add the PEM encoded CRL data to your
trusted CA certificate file.
n
Click Reset to default CA certificate to replace the currently uploaded file with a default list of
trusted CA certificates.
trusted CA certificates.
n
Click Show CA certificate to view the currently uploaded file.
Server certificate data
The Server certificate data section is used to upload the Cisco VCS's server certificate. This
certificate is used to identify the Cisco VCS when it communicates with client systems using TLS
encryption, and with web browsers over HTTPS.
certificate is used to identify the Cisco VCS when it communicates with client systems using TLS
encryption, and with web browsers over HTTPS.
n
Use the Browse buttons to select the server certificate PEM file and the server private key PEM
file that is used to encrypt it. After selecting both files, click Upload server certificate data. Note
that the private key must not be password protected.
file that is used to encrypt it. After selecting both files, click Upload server certificate data. Note
that the private key must not be password protected.
n
Click Reset to default server certificate to replace the currently uploaded server certificate with
the Cisco VCS's default certificate.
the Cisco VCS's default certificate.
n
Click Show server certificate to view the currently uploaded server certificate file.
HTTPS certificate revocation list (CRL)
You are recommended to upload CRL data for the CAs that sign HTTPS client and server certificates.
This is a PEM file that identifies those certificates that have been revoked and can no longer be used
to communicate with the Cisco VCS over HTTPS.
This is a PEM file that identifies those certificates that have been revoked and can no longer be used
to communicate with the Cisco VCS over HTTPS.
Note that CRL checking is applied for every CA in the chain of trust.
n
To upload a PEM encoded CRL file, Browse to the required file and click Upload CRL for client
certificates. This will replace any previously uploaded CRL file.
certificates. This will replace any previously uploaded CRL file.
n
Click Remove revocation list if you want to remove all HTTPS CRL information from the Cisco
VCS.
VCS.
Note that CRL data uploaded here is not used to validate TLS connections with an LDAP server for
remote login account authentication. CRL data for this purpose must be contained within the Trusted
CA certificate file.
remote login account authentication. CRL data for this purpose must be contained within the Trusted
CA certificate file.
Client certificate test
The Client certificate test section allows you to check client certificates before enabling
Cisco VCS Administrator Guide (X6)
Page 198 of 295