Testing Client Certificates - Cisco TelePresence Administrator's Manual

Maintenance
Note that if the client certificate is not protected (by a PIN or some other mechanism) then unauthenticated
access to the VCS may be possible. This lack of protection may also apply if the certificates are stored in the
browser, although some browsers do allow you to password protect their certificate store.
Obtaining the username from the certificate
The username is extracted from the client browser's certificate according to the patterns defined in the
Regex and Username format fields on the
In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that
n
matching sub-patterns can be substituted in the associated Username format field, for example,
/(Subject:.*, CN=(?<Group1>.*))/m.
The regex defined here must conform to
The Username format field can contain a mixture of fixed text and the capture group names used in the
n
Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture
group name will be replaced with the text obtained from the regular expression processing.
You can use the Client certificate testing
Username format combinations to a certificate.

Testing client certificates

The Client certificate testing
used to check client certificates before enabling
Test whether a client certificate is valid when checked against the VCS's current trusted CA list and, if
n
loaded, the revocation list (see
Cisco VCS Administrator Guide (X8.1.1)
Certificate-based authentication configuration
PHP regex guidelines.
page to test the outcome of applying different Regex and
page (Maintenance > Security certificates > Client certificate
client certificate
Managing certificate revocation lists (CRLs)
About security certificates
validation. You can:
[p.288]).
page:
testing) is
Page 292 of 507