Client Certificate Testing - Cisco TelePresence Administrator's Manual

Note that if the client certificate is not protected (by a PIN or some other mechanism) then unauthenticated
access to the VCS may be possible. This lack of protection may also apply if the certificates are stored in the
browser, although some browsers do allow you to password protect their certificate store.
Obtaining the username from the certificate
The username is extracted from the client browser's certificate according to the patterns defined in the
Regex and Username format fields on the
In the Regex field, use the (?<name>regex) syntax to supply names for capture groups so that matching
n
sub-patterns can be substituted in the associated Username format field, for example, /(Subject:.*,
CN=(?<Group1>.*))/m.
Note that the regex defined here must conform to
The Username format field can contain a mixture of fixed text and the capture group names used in the
n
Regex. Delimit each capture group name with #, for example, prefix#Group1#suffix. Each capture
group name will be replaced with the text obtained from the regular expression processing.
You can use the

Client certificate testing

Username format combinations to a certificate.
Client certificate testing
The Client certificate testing
is used to check client certificates before enabling
test whether a client certificate is valid when checked against the VCS's current trusted CA list and, if
n
loaded, the revocation list (see
Cisco VCS Administrator Guide (X7.2)
Certificate-based authentication configuration
PHP regex
page to test the outcome of applying different Regex and
page (Maintenance > Certificate management > Client certificate
client certificate
CRL management)
guidelines.
validation. You can:
Maintenance
page:
testing)
Page 283 of 498