Cisco Cisco Expressway 维护手册
Field
Description
Usage tips
Certificate
verification
mode
verification
mode
When connecting over HTTPS, this setting
controls whether the certificate presented by
the policy server is verified.
controls whether the certificate presented by
the policy server is verified.
If On, for the Expressway to connect to a policy
server over HTTPS, the Expressway must have
a root CA certificate loaded that authorizes that
server’s server certificate. Also the certificate's
Subject Common Name or Subject Alternative
Name must match one of the Server address
fields below.
server over HTTPS, the Expressway must have
a root CA certificate loaded that authorizes that
server’s server certificate. Also the certificate's
Subject Common Name or Subject Alternative
Name must match one of the Server address
fields below.
The Expressway’s root CA certificates are
loaded via (Maintenance > Security
certificates > Trusted CA certificate).
loaded via (Maintenance > Security
certificates > Trusted CA certificate).
HTTPS
certificate
revocation
list (CRL)
checking
certificate
revocation
list (CRL)
checking
Enable this option if you want to protect
certificate checking using CRLs and you have
manually loaded CRL files, or you have enabled
automatic CRL updates.
certificate checking using CRLs and you have
manually loaded CRL files, or you have enabled
automatic CRL updates.
Go to Maintenance > Security
certificates > CRL management to
configure how the Expressway uploads
CRL files.
certificates > CRL management to
configure how the Expressway uploads
CRL files.
Server
address 1 - 3
address 1 - 3
Enter the IP address or Fully Qualified Domain
Name (FQDN) of the server hosting the service.
You can specify a port by appending :<port>
to the address.
Name (FQDN) of the server hosting the service.
You can specify a port by appending :<port>
to the address.
If an FQDN is specified, ensure that the
Expressway has an appropriate DNS
configuration that allows the FQDN to be
resolved.
Expressway has an appropriate DNS
configuration that allows the FQDN to be
resolved.
For resiliency, up to three server
addresses can be supplied.
addresses can be supplied.
Path
Enter the URL of the service on the server.
Status path
The Status path identifies the path from where
the Expressway can obtain the status of the
remote service.
the Expressway can obtain the status of the
remote service.
The default is status.
Username
The username used by the Expressway to log in
and query the service.
and query the service.
Password
The password used by the Expressway to log in
and query the service.
and query the service.
The maximum plaintext length is 30
characters (which is subsequently
encrypted).
characters (which is subsequently
encrypted).
Default CPL
This is the fallback CPL used by the
Expressway if the service is not available.
Expressway if the service is not available.
You can change it, for example, to
redirect to an answer service or recorded
message.
redirect to an answer service or recorded
message.
4.
Click Save.
The Expressway should connect to the policy service server and start using the service for Registration Policy
decisions.
decisions.
Any connection problems will be reported on this page. Check the Status area at the bottom of the page and
check for additional information messages against the Server address fields.
check for additional information messages against the Server address fields.
116
Cisco Expressway Administrator Guide
Registration Control