About Security Certificates; Trusted Ca Certificate - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
About security certificates
For extra security, you may want to have the VCS communicate with other systems (such as LDAP servers,
neighbor VCSs, or clients such as SIP endpoints and web browsers) using TLS encryption.
For this to work successfully in a connection between a client and server:
The server must have a certificate installed that verifies its identity. This certificate must be signed by a
n
Certificate Authority (CA).
The client must trust the CA that signed the certificate used by the server.
n
The VCS allows you to install appropriate files so that it can act as either a client or a server in connections
using TLS. The VCS can also authenticate client connections (typically from a web browser) over HTTPS.
You can also upload certificate revocation lists (CRLs) for the CAs used to verify LDAP server and HTTPS
client certificates.
The VCS can generate server certificate signing requests. This removes the need to use an external
mechanism to generate and obtain certificate requests.
Note that:
For an endpoint to VCS connection, the VCS acts as the TLS server.
n
For a VCS to LDAP server connection, the VCS is a client.
n
For a VCS to VCS connection either VCS may be the client with the other VCS being the TLS server.
n
For HTTPS connections the web browser is the client and the VCS is the server.
n
TLS can be difficult to configure. For example, when using it with an LDAP server we recommend that you
confirm that your system is working correctly before you attempt to secure the connection with TLS. You are
also recommended to use a third party LDAP browser to verify that your LDAP server is correctly configured
to use TLS.
Note: be careful not to allow your CA certificates or CRLs to expire as this may cause certificates signed by
those CAs to be rejected.
Certificate and CRL files can only be managed via the web interface. They cannot be installed using the CLI.
See
Trusted CA certificate
certificates. For further information, see
Trusted CA certificate
The
Trusted CA certificate
allows you to manage the list of certificates for the Certificate Authorities (CAs) trusted by this VCS.
Certificates presented to the VCS must be signed by a trusted CA on this list and there must be a full chain of
trust to the root CA.
To upload a new file of CA certificates, Browse to the required PEM file and click Upload CA certificate.
n
This will replace any previously uploaded CA certificates.
To replace the currently uploaded file with a default list of trusted CA certificates, click Reset to default
n
CA certificate.
To view the currently uploaded file, click Show CA certificate.
n
Cisco VCS Administrator Guide (X7.2)
and
Managing the VCS's server certificate
Certificate creation and use with VCS deployment
page
(Maintenance > Certificate management > Trusted CA
for instructions about how to install
guide.
certificate)
Page 278 of 498
Maintenance
Hide quick links:
Advertisement
Table of Contents
