certificates.
n
To replace all of the currently uploaded CA certificates with the system's original list of trusted CA
certificates, click
Reset to default CA certificate
.
n
To view the entire list of currently uploaded trusted CA certificates, click
Show all (decoded)
to view it in a
human-readable form, or click
Show all (PEM file)
to view the file in its raw format.
n
To view an individual trusted CA certificate, click on
View (decoded)
in the row for the specific CA
certificate.
n
To delete one or more CA certificates, tick the box(es) next to the relevant CA certificate(s) and click
Delete
.
Note:
if you have enabled certificate revocation list (CRL) checking for TLS encrypted
connections to an
LDAP server
(for account authentication), you must add the PEM encoded CRL data to your trusted CA
certificate file.
Managing the VCS's server certificate
The
Server certificate
page (
Maintenance > Security certificates > Server certificate
) is used to manage
the VCS's server certificate. This certificate is used to identify the VCS when it communicates with client
systems using TLS encryption, and with web browsers over HTTPS. You can:
n
view details about the currently loaded certificate
n
generate a certificate signing request
n
upload a new server certificate
Viewing the currently uploaded certificate
The
Server certificate data
section shows information about the server certificate currently loaded on the
VCS.
n
To view the currently uploaded server certificate file, click
Show (decoded)
to view it in a human-readable
form, or click
Show (PEM file)
to view the file in its raw format.
n
To replace the currently uploaded server certificate with the VCS's original certificate, click
Reset to
default server certificate
.
Note:
do not allow your server certificate to expire as this may cause other external systems to reject your
certificate and prevent the VCS from being able to connect to those systems.
Generating a certificate signing request (CSR)
The VCS can generate server certificate signing requests. This removes the need to use an external
mechanism to generate and obtain certificate requests.
To generate a CSR:
1. Go to
Maintenance > Security certificates > Server certificate
.
2. Click
Generate CSR
to go to the
Generate CSR
page.
3. Enter the required properties for the certificate.
l
See
Server certificates and clustered systems [p.287]
if your VCS is part of a cluster.
l
See
Server certificates and Unified Communications [p.287]
if this VCS is part of a Unified
Communications solution.
Cisco VCS Administrator Guide (X8.1.1)
Page 286 of 507
Maintenance
About security certificates