Cisco TelePresence Video Communication Server Expressway Maintenance Manual
To retrieve authorization credentials (username) from the certificate:
1. Select the Certificate source as described above.
2. Configure the Regex and Username format fields as required. Their purpose is to extract a username from the nominated certificate by supplying a regular expression that will look for an appropriate string pattern within the certificate. The fields default to the currently configured settings on the Certificate-based authentication configuration page but you can change them as required.
   — In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that matching sub-patterns can be substituted in the associated Username format field, for example, /(Subject:.*, CN=(?<Group1>.*))/m.
   — The Username format field can contain a mixture of fixed text and the capture group names used in the Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture group name will be replaced with the text obtained from the regular expression processing.
3. Click Check certificate.
   The results of the test are shown in the Certificate test results section. The Resulting string item is the username credential that would be checked against the relevant authorization mechanism to determine that user's authorization (account access) level.
4. If necessary, you can modify the Regex and Username format fields and repeat the test until the correct results are produced.
   Note that if the Certificate source is an uploaded PEM or plain text file, the selected file is temporarily uploaded to the VCS when the test is first performed:
   — if you want to keep testing different Regex and Username format combinations against the same file, you do not have to reselect the file for every test
   — if you change the contents of your test file on your file system, or you want to choose a different file, you must click Browse again and select the new or modified file to upload
5. If you have changed the Regex and Username format fields from their default values and want to use these values in the VCS's actual configuration (as specified on the Certificate-based authentication configuration page) then click Make these settings permanent.
Note:
■ Any uploaded test file is automatically deleted from the VCS at the end of your login session.
■ The regex is applied to a plain text version of an encoded certificate. The system uses the command openssl x509 -text -nameopt RFC2253 -noout to extract the plain text certificate from its encoded format.
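
The following Python sketch is an added example, not part of the Cisco guide or the VCS software. It models the Regex and Username format pair against a constructed sample of the openssl text output, and shows how an unbounded capture group pulls the rest of the distinguished name into the Resulting string. The sample text, both patterns and the is_plain_username helper are assumptions made for illustration; patterns are given without the /.../m delimiters and Python's default matching is used, which may differ from the regex engine on the VCS.

```python
import re

# Constructed sample of the text produced by
# `openssl x509 -text -nameopt RFC2253 -noout` (trimmed; not a real certificate).
SAMPLE_CERT_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Issuer: CN=Example Issuing CA,O=Example Corp,C=US
        Subject: CN=alice,OU=Video,O=Example Corp,C=US
"""


def resulting_string(cert_text, regex, username_format):
    """Model the Regex / Username format pair: return the username, or None
    when the regex does not match the certificate text."""
    # Python spells named groups (?P<name>...); convert the (?<name>...) form
    # without touching lookbehinds such as (?<=...) or (?<!...).
    py_regex = re.sub(r"\(\?<(?![=!])", "(?P<", regex)
    match = re.search(py_regex, cert_text)
    if match is None:
        return None
    groups = match.groupdict()

    def substitute(token):
        value = groups.get(token.group(1))
        # Assumption: a #name# with no captured text is left as written.
        return token.group(0) if value is None else value

    return re.sub(r"#(\w+)#", substitute, username_format)


def is_plain_username(value):
    """Reject results that still carry DN syntax or unresolved #name# tokens."""
    return bool(value) and re.fullmatch(r"[A-Za-z0-9._@-]+", value) is not None


# Hypothetical patterns for illustration (neither is taken from the guide).
GREEDY = r"Subject:.*CN=(?<Group1>.*)"        # runs on to the end of the line
BOUNDED = r"Subject:.*CN=(?<Group1>[^,\n]+)"  # stops at the next RDN separator

if __name__ == "__main__":
    for name, rx in (("greedy", GREEDY), ("bounded", BOUNDED)):
        result = resulting_string(SAMPLE_CERT_TEXT, rx, "#Group1#@example.com")
        print(f"{name:8} -> {result!r} plain={is_plain_username(result)}")
```

A common name that contains an escaped comma in RFC 2253 form would be cut short by the bounded pattern, so test with certificates that represent every naming style your CA issues.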
Testing Secure Traversal
This utility tests whether a secure connection can be made from the VCS Control to the VCS Expressway. A secure connection is required for a Unified Communications traversal zone, and is optional (recommended) for a normal traversal zone.
If the secure traversal test fails, the utility raises a warning with appropriate resolution where possible.
1. On the VCS Control, go to Maintenance > Security certificates > Secure traversal test.
2. Enter the FQDN of the VCS Expressway that is paired with this VCS Control.
3. Enter the TLS verify name of this VCS Control, as it appears on the paired VCS Expressway.
   This setting is in the SIP section of the VCS Expressway's traversal zone configuration page.
4. Click Test connection.
The secure traversal test utility checks whether the hosts on either side of the traversal zone recognize each other and trust each other's certificate chains.
Cisco TelePresence Video Communication Server Administrator Guide