CRL Management - Cisco TelePresence Administrator's Manual

Video communication server

Note that only one signing request can be in progress at any one time. This is because the VCS has to keep
track of the private key file associated with the current request. To discard the current request and start a
new request, click Discard CSR.
Uploading a new server certificate
The Upload new certificate section is used to replace the VCS's current server certificate with a new
certificate.
To upload a server certificate:
1. Use the Browse button to select and upload the server certificate PEM file.
2. If you used an external system to generate the certificate request you must also upload the server private
key PEM file that was used to encrypt the server certificate. (Note that the private key file will have been
automatically generated and stored earlier if you used the VCS to produce the signing request for this
server certificate.)
   - The server private key must not be password protected.
   - If a certificate signing request is in progress, you cannot upload a server private key as the relevant key
     would have been automatically produced as a part of the signing request generation process.
3. Click Upload server certificate data.
Server certificates and clustered systems
When a CSR is generated, a single request and private key combination is generated for that peer only.
If you have a cluster of VCSs, you must generate a separate signing request on each peer. Those requests
must then be sent to the certificate authority and the returned server certificates uploaded to each relevant
peer.
You must ensure that the correct server certificate is uploaded to the appropriate peer, otherwise the stored
private key on each peer will not correspond to the uploaded certificate.
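The two requirements above (the private key must not be password protected, and each peer's certificate must correspond to that peer's private key) can be checked before an upload when the key was generated on an external system. The following script is an added example, not part of the Cisco guide; it assumes the openssl command-line tool is available, and the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload checks for a server certificate and private key.
# File names are supplied by the caller; requires the openssl command-line tool.

# Succeeds (0) when the PEM private key is password protected. Covers PKCS#8
# ("BEGIN ENCRYPTED PRIVATE KEY") and traditional ("Proc-Type: 4,ENCRYPTED") PEM.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Prints the public key (SubjectPublicKeyInfo PEM) carried in a certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Prints the public key derived from a private key. The empty -passin makes
# openssl fail on an encrypted key instead of prompting for a password.
key_pubkey() {
    openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null
}

# check_pair CERT KEY
# 0 = pair is consistent; 1 = certificate and key do not correspond;
# 2 = key is password protected; 3 = a file could not be parsed.
check_pair() {
    if key_is_encrypted "$2"; then
        echo "FAIL: $2 is password protected"; return 2
    fi
    cp_cert=$(cert_pubkey "$1") || cp_cert=""
    cp_key=$(key_pubkey "$2") || cp_key=""
    if [ -z "$cp_cert" ] || [ -z "$cp_key" ]; then
        echo "FAIL: could not read $1 or $2 as PEM"; return 3
    fi
    if [ "$cp_cert" != "$cp_key" ]; then
        echo "FAIL: $1 was not issued for the key in $2"; return 1
    fi
    echo "OK: $1 matches $2"
}

# Usage: sh check_pair.sh server.pem privkey.pem
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

For a cluster, run the check once per peer against that peer's own key so that a certificate returned for one peer is not uploaded to another.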

CRL management

The CRL management page (Maintenance > Certificate management > CRL management) is used to
configure whether the VCS uses certificate revocation lists (CRLs) when validating security certificates, and
if so, from where it obtains the CRLs.
CRL files are used by the VCS to validate certificates presented by client browsers and external policy
servers that communicate with the VCS over TLS/HTTPS.
You are recommended to upload CRL data for the CAs that sign TLS/HTTPS client and server certificates. A
CRL identifies those certificates that have been revoked and can no longer be used to communicate with the
VCS. When enabled, CRL checking is applied for every CA in the chain of trust.
Note that you can use the Client certificate testing page to test whether or not a certificate is valid.
CRL sources
The VCS can obtain CRL information from multiple sources:
- manual upload of CRL data
- automatic downloads of CRL data from CRL distribution points
Cisco VCS Administrator Guide (X7.2), Page 280 of 498
