Cisco TelePresence Administrator's Manual page 289
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (498 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Maintenance
when establishing SIP TLS connections, the CRL data sources are subject to the
n
checking
settings on the
automatically uploaded CRL files override any manually loaded CRL files (except for when verifying
n
SIP TLS connections, when both manually uploaded or automatically downloaded CRL data may be used)
when validating certificates presented by external policy servers, the VCS uses manually loaded CRLs
n
only
when validating TLS connections with an LDAP server for remote login account authentication, the VCS
n
uses CRL data within the
Automatic CRL updates
We recommend that the VCS is configured to perform automatic CRL updates. This ensures that the latest
CRLs are available for certificate validation.
To configure the VCS to use automatic CRL updates:
1. Go to
Maintenance > Security certificates > CRL
2. Set Automatic CRL updates to Enabled.
3. Enter the set of HTTP(S) distribution points from where the VCS can obtain CRL files. Note that:
you must specify each distribution point on a new line
l
only HTTP(S) distribution points are supported; if HTTPS is used, the distribution point server itself
l
must have a valid certificate
PEM and DER encoded CRL files are supported
l
the distribution point may point directly to a CRL file or to ZIP and GZIP archives containing multiple
l
CRL files
the file extensions in the URL or on any files unpacked from a downloaded archive do not matter as the
l
VCS will determine the underlying file type for itself; however, typical URLs could be in the format:
http://example.com/crl.pem
o
http://example.com/crl.der
o
http://example.com/ca.crl
o
https://example.com/allcrls.zip
o
https://example.com/allcrls.gz
o
4. Enter the Daily update time (in UTC). This is the approximate time of day when the VCS will attempt to
update its CRLs from the distribution points.
5. Click Save.
Manual CRL updates
CRL files can also be uploaded manually to the VCS. Certificates presented by external policy servers can
only be validated against manually loaded CRLs.
To upload a CRL file:
1. Go to
Maintenance > Security certificates > CRL
2. Click Browse and select the required file from your file system. It must be in PEM encoded format.
3. Click Upload CRL file.
This uploads the selected file and replaces any previously uploaded CRL file.
Click Remove revocation list if you want to remove the manually uploaded file from the VCS.
Note that if a certificate authority's CRL expires, all certificates issued by that CA will be treated as revoked.
Cisco VCS Administrator Guide (X8.1.1)
SIP
configuration page
Trusted CA certificate
only
management.
management.
About security certificates
Certificate revocation
Page 289 of 507
Advertisement
Table of Contents
Related Manuals for Cisco TelePresence
Related Products for Cisco TelePresence
- Cisco TelePresence Video Communication Server
- Cisco TD 92322GB
- Cisco TS MSE 8710
- Cisco TELEPRESENCE CALL DETAIL RECORDS FILE FORMAT -
- Cisco TELEPRESENCE MCU ACCESSING CONFERENCES -
- Cisco TelePresence System Codec C90: Profile 65"
- Cisco TELEPRESENCE MANAGEMENT SUITE
- Cisco TelePresence VX Clinical Assistant