Maintenance Guide for Cisco Expressway
Field
  Client certificate-based security

Description
  Controls the level of security required to allow client systems (typically web browsers) to communicate with the Expressway over HTTPS.

  Not required: the client system does not have to present any form of certificate.

  Certificate validation: the client system must present a valid certificate that has been signed by a trusted certificate authority (CA). Note that a restart is required if you are changing from Not required to Certificate validation.

  Certificate-based authentication: the client system must present a valid certificate that has been signed by a trusted CA and contains the client's authentication credentials.

  Default: Not required

Usage tips
  Important: Enabling Certificate validation means that your browser (the client system) can use the Expressway web interface only if it has a valid (in date and not revoked by a CRL) client certificate that is signed by a CA in the Expressway's trusted CA certificate list.

  Ensure your browser has a valid client certificate before enabling this feature. The procedure for uploading a certificate to your browser may vary depending on the browser type and you may need to restart your browser for the certificate to take effect.

  Enabling Certificate-based authentication means that the standard login mechanism is no longer available. You can log in only if your browser certificate is valid and the credentials it provides have the appropriate authorization levels. You can configure how the Expressway extracts credentials from the browser certificate on the page.

  This setting does not affect client verification of the Expressway's server certificate.

Field
  Certificate revocation list (CRL) checking

Description
  Specifies whether HTTPS client certificates are checked against certificate revocation lists (CRLs).

  None: no CRL checking is performed.

  Peer: only the CRL associated with the CA that issued the client's certificate is checked.

  All: all CRLs in the trusted certificate chain of the CA that issued the client's certificate are checked.

  Default: All

Usage tips
  Only applies if Client certificate-based security is enabled.
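
The difference between the None, Peer and All settings described above, as an added example that is not from the Cisco guide and is not Expressway code. It is a simplified Python model: the chain, serial numbers and CRL contents are constructed, and `Cert`, `crl_check` and `compare_modes` are hypothetical names. It shows that a client certificate issued by a revoked issuing CA is accepted under Peer and rejected under All.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int

def crl_check(chain, crls, mode):
    """Model of the CRL checking setting (hypothetical helper, not Expressway code).

    chain: client certificate first, then each issuing CA below the trusted root.
    crls:  issuer name -> set of serial numbers that issuer has revoked.
    Returns (accepted, reason).
    """
    if mode == "None":
        return True, "no CRL checking performed"
    if mode == "Peer":
        to_check = chain[:1]   # only the CRL of the CA that issued the client cert
    elif mode == "All":
        to_check = chain       # every certificate in the chain, each against its issuer's CRL
    else:
        raise ValueError(f"unknown mode: {mode!r}")
    for cert in to_check:
        if cert.serial in crls.get(cert.issuer, set()):
            return False, f"{cert.subject} revoked by {cert.issuer}"
    return True, "not revoked"

# Constructed sample data: a two-tier PKI whose issuing CA has been revoked by the root.
ISSUING_CA = Cert("Example Issuing CA", "Example Root CA", 0x10)
ADMIN = Cert("admin-laptop", "Example Issuing CA", 0x2001)
OLD_LAPTOP = Cert("old-laptop", "Example Issuing CA", 0x2002)
CRLS = {
    "Example Root CA": {0x10},       # root revoked the issuing CA
    "Example Issuing CA": {0x2002},  # issuing CA revoked one client certificate
}

def compare_modes(client):
    """Run the same client certificate through all three settings."""
    chain = [client, ISSUING_CA]
    return {mode: crl_check(chain, CRLS, mode) for mode in ("None", "Peer", "All")}

if __name__ == "__main__":
    for client in (ADMIN, OLD_LAPTOP):
        for mode, (ok, reason) in compare_modes(client).items():
            print(f"{client.subject:11} {mode:5} {'accept' if ok else 'reject'}: {reason}")
```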
Cisco Expressway Administrator Guide
Network and System Settings