Cisco TelePresence Content Server Release 6.x
Public SSL Certificate Installation Guide
September 22, 2014
This document provides instructions for installing a single-use domain name or subdomain SSL
certificate, or a self-signed certificate, on a Cisco TelePresence Content Server Release 6.x.
See these sections:
•
SSL Certificate Installation, page 1
•
Self-Signed Certificate Installation, page 13
•
Related Documentation, page 13
•
Obtaining Documentation and Submitting a Service Request, page 13
SSL Certificate Installation
Complete these steps to install a single-use SSL certificate on the Content Server:
1.
Create Certificate Signing Request, page 2
2.
Submit Certificate for Signing, page 4
3.
Complete Certificate Request, page 10
4.
Verify Certificate, page 12
Before You Begin
Contact a certificate authority (CA) to request an SSL certificate for use with Window Server 2008 R2
Internet Information Services Version 7 (IIS7). You can use any CA, these four are among the best
known:
•
VeriSign—www.verisign.com
•
GoDaddy—www.godaddy.com
•
Comodo—www.comodo.com
•
Network Solutions—www.networksolutions.com
Cisco Systems, Inc.
www.cisco.com
SSL Certificate Installation
Create Certificate Signing Request
Follow these steps to create a certificate signing request (CSR or certification request) to apply for a
digital identity certificate.
Step 1
Open a Remote Desktop Connection to the Content Server. Log in as an administrator.
Step 2
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
Step 3
In the Features view, double-click Server Certificates.
Step 4
In the Actions pane, click Create Certificate Request.
Step 5
In the Distinguished Name Properties window:
a.
Enter the Common name for the Content Server. The Common name is the FQDN used to access
the Content Server from within your organization.
Note
Do not use the Content Server IP address for the Common name. For the certificate to
function properly, enter the Content Server FQDN.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
2
SSL Certificate Installation
Some certificate authorities provide Unified Communications certificates that allow the listing of
multiple Subject Alternative Names (SAN) to secure multiple distinct hostnames in one certificate.
The SAN option is not available when using the IIS certificate utility. The IIS utility supports only
single-use certificates.
b.
Step 6
Enter the Organization, Organizational unit, City, State, and Country. Click Next.
In the Cryptographic Service Provider Properties window, enter the following:
a.
In the Cryptographic service provider drop-down menu, choose Microsoft RSA SChannel
Cryptographic Provider.
b.
In the Bit length field, enter a key-length value that can be used by the provider. A longer bit length
is more secure, but it can affect performance.
c.
Click Next.
Step 7
In the File Name window, enter a filename for the certificate request
<C:\Users\Administrator\Desktop\cert_request.txt>. The Certificate Authority that you choose will
accept the request and “sign” it for you.
Step 8
Open the file that you created in Step 7. Store the complete request including the “Begin” and “End”
sections and all dashes in a text file. Do not include any additional carriage returns after the final dash.
The file will look like the following example. Click Finish.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
3
SSL Certificate Installation
Submit Certificate for Signing
Step 1
Request an SSL certificate from a certificate authority (CA). See Before You Begin for a list of
recommended CA vendors.
Follow the CA instructions to create an account and order an SSL certificate.
Step 2
When you reach the CA screen that requests the certificate signing, paste (or upload) the text file that
you created in Step 8.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
4
SSL Certificate Installation
Step 3
When the CA completes the signing process (and optionally, verifies the domain ownership), download
the certificate in the IIS7 server format.
Step 4
The CA will provide two files: the intermediate certificate (PKCS #7 Certificates) and the server
certificate (Security Certificate). Each certificate must be installed separately to complete the signing
process. Copy both files to the Content Server IIS.
Note
Step 5
Make certain that you properly identify and copy the two certificate files. The intermediate
certificate PKCS #7 Certificates includes all of the necessary intermediate certificates. The
Security Certificate is the server certificate.
Go to Start > Run > MMC (Microsoft Management Console). Choose File > Add/Remove Snap-in.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
5
SSL Certificate Installation
Step 6
Choose Certificates > Add to add the Console Root folder to the Selected snap-ins window. Click OK.
Step 7
In the Certificates snap-in window, click the Computer account radio button. Click Next.
Step 8
In the Select Computer window, click the Local computer (the computer this console is running on)
radio button. Click Finish. Click OK to return to the MMC.
Step 9
In the MMC, click + Certificates to expand the menu.
Step 10
Right-click the Intermediate Certification Authorities folder. Choose All Tasks > Import to open the
certificate import wizard. Click Next.
Step 11
Choose Browse. Choose the PKCS#7 Certificates format and choose the intermediates certificate from
the CA. Click Open.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
6
SSL Certificate Installation
Note
If you incorrectly choose the Server certificate at this step, you will need to start over at Step 7.
You will need to create a new cert_request.txt file, and request a certificate re-key from the CA
(the CA will revoke the original key and reissue a new key).
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
7
SSL Certificate Installation
Step 12
In the Certificate Store window, click the Place all certificates in the following store radio button.
Confirm that Intermediate Certification Authorities is displayed in the Certificate store field. Click
Next.
Step 13
Click Finish to close the certificate import wizard.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
8
SSL Certificate Installation
Step 14
Step 15
In the MMC, verify the certificate installation.
a.
Go to Certificates (Local Computer > Intermediate Certification Authorities > Certificates.
b.
Choose the certificate that you imported.
c.
In the Certificate window, choose the Certification Path tab. Choose the certificate. The Certificate
status will read OK. Click OK.
Exit from the MMC.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
9
SSL Certificate Installation
Complete Certificate Request
Step 1
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
Step 2
Double-click Server Certificates.
Step 3
In the Actions pane, click Complete Certificate Request.
Step 4
In the Specify Certificate Authority Response window
Step 5
a.
Browse to the file that contains the CA response.
b.
In the Friendly name field, type a friendly name for the certificate that is easy to remember and
identify.
Click OK. The certificate is loaded into the Microsoft certificate store.
Next, you will bind and enable the certificate within IIS for the Content Server website.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
10
SSL Certificate Installation
Step 6
In IIS, go to Start Page > TCS > Sites > Default Web Site. Click Bindings to open the Site Bindings
window.
Step 7
In the Site Bindings window, choose https/443 and click Edit. If https/443 is not present, click Add to
add the binding and then click Edit.
Step 8
In the Edit Site Binding window SSL certificate drop down menu, choose the friendly name certificate
that you entered in Step 4.
Note
Step 9
If you do not see the friendly name certificate that you created in Step 4, confirm that you have
correctly completed all previous steps in this procedure.
Click OK to complete the HTTPS binding for your default website certificate. It will take a few moments
to complete.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
11
SSL Certificate Installation
Verify Certificate
Step 1
Verify that the certificate is functioning by browsing to the Content Server FQDN.
Step 2
In the browser address field, click on the green lock icon in the Content Server URL.
Step 3
In the Certificate window, click the Certification Path tab. Choose the certificate and verify the status
in the Certificate status pane. Click OK.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
12
Self-Signed Certificate Installation
Self-Signed Certificate Installation
If you use a self-signed certificate for the Content Server, client browsers will generate an error stating
that the signing certificate authority is unknown and not trusted. Because of the certificate-error
message, you should develop an appropriate work around that is consistent with your security policies
for all users that access the Content Server.
Follow these steps to install a self-signed certificate:
Step 1
Open a Remote Desktop Connection to the Content Server. Log in as an administrator.
Step 2
Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
Step 3
In the Features view, double-click Server Certificates.
Step 4
In the Actions pane, click Create Self-signed Certificate.
Step 5
On the Create Self-Signed Certificate page, type a “Friendly name” for the certificate in the Specify a
friendly name for the certificate box. Click OK.
Related Documentation
•
Cisco TelePresence Content Server Documentation
http://www.cisco.com/en/US/products/ps11347/tsd_products_support_series_home.html
•
Cisco Capture Transform Share Documentation
http://www.cisco.com/en/US/products/ps12130/products_installation_and_configuration_guides_l
ist.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a
service request, and gathering additional information, see What’s New in Cisco Product Documentation
at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised
Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a
reader application. The RSS feeds are a free service.
This document is to be used in conjunction with the documents listed in the “Related Documentation” section.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of
Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The
use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any
examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only.
Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2014 Cisco Systems, Inc. All rights reserved.
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
13
Obtaining Documentation and Submitting a Service Request
Cisco TelePresence Content Server Release 6.x Public SSL Certificate Installation Guide
14