Chapter 12: Managing Certificates for Cisco Unified MeetingPlace Express
Revised: October 18, 2006, OL-11374-01
Topics in this section include:
• About Certificates
• Obtaining Certificates
• Enabling SSL
• Disabling SSL
• Displaying a Certificate
• Downloading a Certificate
• Replacing Expired Certificates
The content in this chapter applies in the following cases:
• You have a Cisco Unified MeetingPlace Express system.
• You have a Cisco Unified MeetingPlace Express VT system.
About Certificates
To use Secure Sockets Layer (SSL) to provide secure web communications to and from Cisco Unified
MeetingPlace Express, you must obtain two certificates from a trusted certificate authority (CA):
• One for the end-user web interface and the Administration Center
• One for web conferencing
Each certificate uses the digital signature of a trusted certificate authority (CA) to confirm that a
cryptographic key belongs to a specific organization at a specific location. Each certificate also includes
a validity period, after which the certificate expires.
Note: Cisco Unified MeetingPlace Express does not support self-signed certificates.
Related Topics
• Obtaining Certificates, page 12-2
• Enabling SSL, page 12-3
• Disabling SSL, page 12-5
• Displaying a Certificate, page 12-6
• Downloading a Certificate, page 12-6
• Replacing Expired Certificates, page 12-7
Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
Obtaining Certificates
This topic describes how to obtain certificates by generating certificate signing requests (CSRs) from the
Administration Center and sending the CSRs to a CA that issues certificates.
Note: You may have a different method for obtaining trusted certificates. If you use that method instead of
completing this task, then note the following:
• Make sure that you also obtain private keys and passwords.
• We recommend that you save a copy of each SSL file on a separate server, in case you ever reinstall
  the operating system. If you reinstall or upgrade the Cisco Unified MeetingPlace Express
  application, the SSL files are preserved. If, however, you reinstall the operating system, the SSL files
  are not preserved.
• Proceed to the “Enabling SSL” section on page 12-3.
Before You Begin
Caution: If you already have valid SSL certificates installed on your Cisco Unified MeetingPlace Express server,
generating new CSRs will make the existing SSL certificates invalid. Proceed only if you are installing
SSL certificates for the first time or if you are replacing expired SSL certificates.
• SSL must be disabled to generate CSRs.
• Choose a trusted CA that issues certificates in privacy enhanced mail (PEM) format. Other
  certificate formats, such as Distinguished Encoding Rules (DER), are not supported.
• The CSRs and resulting certificates use the hostnames that were entered during the Network Setup
  of the operating system (OS) installation:
  – The certificate for the end-user web interface and Administration Center uses the hostname
    assigned to Ethernet Port 1 (device eth0).
  – The certificate for web conferencing uses the hostname assigned to Ethernet Port 2
    (device eth1).
  If you ever change the hostnames in your system, then you must obtain new certificates.
  See the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express for information
  about installing the operating system.
Procedure
Step 1  Log in to Cisco Unified MeetingPlace Express.
Step 2  Click Administration at the top of the page.
Step 3  On the left side of the page:
  a. Click Certificate Management.
  b. Click Generate CSRs.
Step 4  Enter values in the fields on the Generate Certificate Signing Requests (CSRs) page.
Step 5  Click Generate CSRs.
  Note: If SSL is currently enabled, the system displays a message stating that you cannot generate CSRs and
  takes you back to the Generate Certificate Signing Requests (CSRs) page. See Step 4.
Step 6  In the Download Certificate Signing Requests page, select either of the CSRs and click Download CSR.
Step 7  In the File Download dialog box, click Save.
Step 8  In the Save As dialog box, do the following:
  a. In the Save in field, navigate to the directory where you want to save the CSR.
  b. Under File name, the name of the file is displayed. If your browser added anything to the file name,
     such as [1] in the middle, delete that.
  c. Under Save as type, select All Files from the drop-down list. (If you do not do this, the system saves
     the file with a .htm extension.)
  d. Click Save.
Step 9  Repeat Step 6 through Step 8 for the other CSR.
Step 10  Send these two CSRs to a CA, who will generate certificates and send them to you.
  Note: The certificates must be in privacy enhanced mail (PEM) format.
Step 11  (Optional but recommended) Save a copy of each SSL file on a separate server, in case you ever reinstall
  the operating system.
  If you reinstall or upgrade the Cisco Unified MeetingPlace Express application, the SSL files are
  preserved. If, however, you reinstall the operating system, the SSL files are not preserved.
Related Topics
• Fields on the Generate Certificate Signing Requests (CSRs) Page, page C-69
• About Certificates, page 12-1
• Disabling SSL, page 12-5
• About This Page: Download Certificate, page C-48
• About This Page: Download Certificate Signing Request, page C-49
Enabling SSL
This topic describes how to upload certificates and enable SSL in Cisco Unified MeetingPlace Express.
Note: Whether or not SSL is enabled, e-mail notifications use click-to-attend URLs that begin with “http”
instead of “https.” When SSL is enabled, the system automatically redirects users to an “https” URL.
Before You Begin
• Obtain the two required certificates from a trusted certificate authority (CA). See the “Obtaining
  Certificates” section on page 12-2.
• The certificates must be in privacy enhanced mail (PEM) format.
• You must upload both certificates at the same time.
• For SSL to work, both Ethernet ports must be accessible by end users. You cannot have one Ethernet
  port connected to an outside segment and the other connected to an inside segment unless
  connectivity is available between those segments. For complete information about installing
  Ethernet ports, see the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express.
Caution: If you upload a certificate that will not be valid until a future date or time, the Cisco Unified
MeetingPlace Express system cannot be accessed even after you restart the system. See the Installation
and Upgrade Guide for Cisco Unified MeetingPlace Express for information on running a command to
determine when the system will be available again.
If you upload a certificate that is valid starting immediately, the system remains accessible.
Procedure
Step 1  Log in to Cisco Unified MeetingPlace Express.
Step 2  Click Administration at the top of the page.
Step 3  On the left side of the page:
  a. Click Certificate Management.
  b. Click Enable SSL.
Step 4  Enter values in the fields on the Enable SSL for the End-User Interface, Administration Center, and Web
  Conferencing page.
  Caution: Be sure to enter the correct values in these fields. If you inadvertently enter wrong values, the system
  may need to be restarted.
  Note: If SSL is already enabled, the Cisco Unified MeetingPlace Express system displays a message stating
  that SSL is already enabled for the End-User Interface, Administration Center, and web conferencing.
Step 5  Click Upload Certificates.
Step 6  In the dialog box, click OK to upload the certificates, update the configuration, and restart the server.
  The system stores the certificate and other required SSL files, such as private keys and passwords, to the
  usr/local/enrollment/ directory.
Related Topics
• About Certificates, page 12-1
• Fields on the Enable SSL for the End-User Interface, Administration Center, and Web Conferencing
  Page, page C-64
• Disabling SSL, page 12-5
Disabling SSL
This topic describes how to disable SSL in Cisco Unified MeetingPlace Express.
Restrictions
You cannot disable SSL for only one web interface, such as the end-user web interface, Administration
Center, or web conferencing. Completing this task disables SSL completely for the system.
Procedure
Step 1  Log in to Cisco Unified MeetingPlace Express.
Step 2  Click Administration at the top of the page.
Step 3  On the left side of the page:
  a. Click Certificate Management.
  b. Click Disable SSL.
Step 4  The system displays the Disable SSL page, with a message stating that disabling SSL interrupts system
  operations and stops all meetings in progress.
  Note: If SSL is already disabled, the Cisco Unified MeetingPlace Express system displays a message
  stating that SSL is already disabled for the End-User Interface, Administration Center, and web
  conferencing.
Step 5  Click Disable SSL.
Step 6  The system displays a dialog box stating that this will restart the server and to only proceed if you are
  sure. Click OK to update the configuration and restart the server.
Related Topics
• About This Page: Disable SSL, page C-44
• About Certificates, page 12-1
Displaying a Certificate
This topic describes how to view the contents of an uploaded certificate, such as the valid dates and
signature.
Procedure
Step 1  Log in to Cisco Unified MeetingPlace Express.
Step 2  Click Administration at the top of the page.
Step 3  On the left side of the page:
  a. Click Certificate Management.
  b. Click Display Certificate.
  The Cisco Unified MeetingPlace Express system displays the names of your certificates.
  Note: If you do not have any certificates, the Cisco Unified MeetingPlace Express system displays a
  message stating that you have no certificates to display.
Step 4  Select a certificate and click Display Certificate to open it.
  The system displays the contents of the certificate file.
Related Topics
• About Certificates, page 12-1
• About This Page: Display Certificate, page C-47
Downloading a Certificate
This topic describes how to download a copy of a certificate that was previously uploaded to
Cisco Unified MeetingPlace Express. This task is useful for backing up your certificate files.
Procedure
Step 1  Log in to Cisco Unified MeetingPlace Express.
Step 2  Click Administration at the top of the page.
Step 3  On the left side of the page:
  a. Click Certificate Management.
  b. Click Download Certificates.
Step 4  On the Download Certificates page, select a certificate to download and click Download Certificate.
  The File Download dialog box appears.
  Note: If you do not have any certificates, the Cisco Unified MeetingPlace Express system displays a
  message stating that you have no certificates to download.
Step 5  Do one of the following:
  • To open the file, click Open.
  • To save the file, click Save.
Related Topics
• About Certificates, page 12-1
• About This Page: Download Certificate, page C-48
Replacing Expired Certificates
This topic describes how to replace expired certificates.
The Cisco Unified MeetingPlace Express system monitors the expiration date of each certificate and
logs errors one month and one week before the certificate expires. These values cannot be configured.
Procedure
          High-Level Task                                Where to Find Instructions
Step 1    Disable SSL.                                   Disabling SSL, page 12-5
Step 2    Obtain the new certificates.                   Obtaining Certificates, page 12-2
Step 3    Upload the new certificates and enable SSL.    Enabling SSL, page 12-3
Related Topics
• About Certificates, page 12-1
• Displaying a Certificate, page 12-6
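A pre-upload check for the conditions named in “Enabling SSL” (PEM rather than DER, and a validity period that has already started) and in “Replacing Expired Certificates” (the one-month and one-week thresholds), written as an added example that is not part of the Cisco guide or the product. It is meant to run on an administrator workstation; the function names, the reading of “one month” as 30 days, and the unsigned skeleton certificate built by sample_pem are assumptions made for illustration.

```python
import base64, re
from datetime import datetime, timedelta, timezone
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, off):
    """Read one DER tag-length-value at off; return (tag, value_start, value_end)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:                                  # long form: low 7 bits count the length bytes
        n, off = int.from_bytes(buf[off:off + (n & 0x7F)], "big"), off + (n & 0x7F)
    return tag, off, off + n

def der_time(tag, raw):
    """Decode UTCTime (0x17, where YY >= 50 means 19YY) or GeneralizedTime (0x18) as UTC."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    t = datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
    return t.replace(year=t.year - 100) if tag == 0x17 and t.year >= 2050 else t

def validity(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    off = tlv(der, tlv(der, 0)[1])[1]             # into Certificate, then tbsCertificate
    if der[off] == 0xA0:                          # optional [0] version
        off = tlv(der, off)[2]
    for _ in range(3):                            # skip serial, signature algorithm, issuer
        off = tlv(der, off)[2]
    t1, a, b = tlv(der, tlv(der, off)[1])         # first item of the validity SEQUENCE
    t2, c, d = tlv(der, b)
    return der_time(t1, der[a:b]), der_time(t2, der[c:d])

def precheck(data, now):
    """List the problems to fix before uploading this certificate file."""
    m = PEM_RE.search(data)
    if not m:
        return ["DER, not PEM" if data[:1] == b"\x30" else "no PEM certificate found"]
    not_before, not_after = validity(base64.b64decode(m.group(1)))
    out = ["not valid yet"] if now < not_before else []
    if now >= not_after:
        out.append("expired")
    elif not_after - now <= timedelta(days=7):
        out.append("expires within one week")
    elif not_after - now <= timedelta(days=30):   # assumption: "one month" taken as 30 days
        out.append("expires within one month")
    return out

def sample_pem(nb, na):
    """Constructed skeleton certificate (unsigned, empty names) used only as sample input."""
    s = lambda tag, body: bytes([tag, len(body)]) + body
    tbs = (s(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + s(0x30, b"") * 2
           + s(0x30, s(0x17, nb) + s(0x17, na)) + s(0x30, b""))
    return b"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(s(0x30, s(0x30, tbs)))
```

Call precheck with the bytes of each certificate file received from the CA and the current UTC time; an empty list means none of the checked conditions applies.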