Cisco TelePresence Administrator's Manual page 42

Network and system settings
Field Description
Client Controls the level of security required
certificate- to allow client systems (typically web
based browsers) to communicate with the
security VCS over HTTPS.
Not required: the client system does
not have to present any form of
certificate.
Certificate validation: the client
system must present a valid
certificate that has been signed by a
trusted certificate authority (CA). Note
that a restart is required if you are
changing from Not required to
Certificate validation.
Certificate-based authentication: the
client system must present a valid
certificate that has been signed by a
trusted CA and contains the client's
authentication credentials.
Default: Not required
Certificate Specifies whether HTTPS client
revocation list certificates are checked against
(CRL) certificate revocation lists (CRLs).
checking
None: no CRL checking is performed.
Peer: only the CRL associated with
the CA that issued the client's
certificate is checked.
All: all CRLs in the trusted certificate
chain of the CA that issued the
client's certificate are checked.
Default: All
CRL Controls the revocation checking
inaccessibility behavior if the revocation status
fallback cannot be established, for example if
behavior the revocation source cannot be
contacted.
Treat as revoked: treat the certificate
as revoked (and thus do not allow the
TLS connection).
Treat as not revoked: treat the
certificate as not revoked.
Default: Treat as not revoked
Cisco VCS Administrator Guide (X8.1.1)
Usage tips
Important:
Enabling Certificate validation means that your
browser (the client system) can use the VCS web
interface only if it has a valid (in date and not revoked
by a CRL) client certificate that is signed by a CA in the
VCS's trusted CA certificate list.
Ensure your browser has a valid client certificate
before enabling this feature. The procedure for
uploading a certificate to your browser may vary
depending on the browser type and you may need to
restart your browser for the certificate to take effect.
You can upload CA certificates on the
trusted CA certificate list [p.285]
certificates on the Testing client certificates [p.292]
page.
Enabling Certificate-based authentication means that
the standard login mechanism is no longer available.
You can log in only if your browser certificate is valid
and the credentials it provides have the appropriate
authorization levels. You can configure how the VCS
extracts credentials from the browser certificate on the
Certificate-based authentication configuration
This setting does not affect client verification of the
VCS's server certificate.
Only applies if Client certificate-based security is
enabled.
Only applies if Client certificate-based security is
enabled.
Network services
Managing the
page, and test client
page.
Page 42 of 507