Client Certificate Testing - Cisco TelePresence Administrator's Manual
Video communication server
Hide thumbs
Also See for TelePresence:
- Administrator's manual (507 pages) ,
- Manual (24 pages) ,
- Specifications (7 pages)
Table of Contents
Advertisement
Obtaining the username from the certificate
The username is extracted from the client browser's certificate according to the patterns defined in the
Regex and Username format fields on the
In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that matching
n
sub-patterns can be substituted in the associated Username format field, for example, /(Subject:.*,
CN=(?<Group1>.*))/m.
Note that the regex defined here must conform to
The Username format field can contain a mixture of fixed text and the capture group names used in the
n
Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture
group name will be replaced with the text obtained from the regular expression processing.
You can use the
Client certificate testing
Username format combinations to a certificate.
Client certificate testing
The
Client certificate testing
is used to check client certificates before enabling
test whether a client certificate is valid when checked against the VCS's current trusted CA list and, if
n
loaded, the revocation list (see
test the outcome of applying the regex and template patterns that retrieve a certificate's authorization
n
credentials (the username)
You can test against:
a certificate on your local file system
n
the browser's currently loaded certificate
n
To test if a certificate is valid:
1. Select the Certificate source. You can choose to:
upload a test file from your file system in either PEM or plain text format; if so click Browse to select
l
the certificate file you want to test
test against the certificate currently loaded into your browser (only available if the system is already
l
configured to use Certificate validation and a certificate is currently loaded)
2. Ignore the Certificate-based authentication pattern section - this is only relevant if you are extracting
authorization credentials from the certificate.
3. Click Check certificate.
4. The results of the test are shown in the Certificate test results section.
To retrieve authorization credentials (username) from the certificate:
1. Select the Certificate source as described above.
2. Configure the Regex and Username format fields as required. Their purpose is to extract a username
from the nominated certificate by supplying a regular expression that will look for an appropriate string
pattern within the certificate. The fields default to the currently configured settings on the
Cisco VCS Administrator Guide (X7.1)
Certificate-based authentication configuration
PHP regex
page to test the outcome of applying different Regex and
page
(Maintenance > Certificate management > Client certificate
client certificate
CRL
management)
guidelines.
validation. You can:
Maintenance
page:
testing)
Certificate-
Page 269 of 479
Advertisement
Table of Contents
