Manualshelf

Specifications

ManualsBrandsCisco ManualsBusiness equipmentMCU 5300 series
18192021222324252627
Document revision history
Cisco TelePresence MCU 4.4(3.49) Maintenance Release Notes Page 25 of 27
1. Ensure that an appropriate HTTPS trust store has been installed on the MCU (Network > SSL
certificates).
2. Go to Network > Services and enable both HTTP and HTTPS.
3. Go to Settings > Security and disable Redirect HTTP requests to HTTPS. This ensures that you can
fall back to HTTP if problems occur.
4. Go to Network > SSL certificates.
a. Scroll to the Online certificate status protocol (OCSP) section.
b. Set Certificate to check to HTTPS client certificates.
c. Enter the URL of the external OCSP server and set any options you require.
d. Click Apply changes.
5. Now test that you are able to log in to the MCU over an HTTPS connection. Only proceed to the next step
if you can successfully log in.
6. Do one of the following, as appropriate for your configuration:
l Go to Network > Services and disable HTTP.
l Go to Settings > Security and enable Redirect HTTP requests to HTTPS.
Requiring certificate-only login (all connections)
To transition from password-based authentication to required certificate-based authentication for all
connection types, do the following:
1. Ensure that an appropriate HTTPS trust store is installed on the MCU (Network > SSL certificates) and
that the web browser(s) to be used to access the MCU are configured with a valid client certificate.
2. Go to Network > Services and enable both HTTP and HTTPS.
3. Go to Settings > Security and disable Redirect HTTP requests to HTTPS (uncheck the check box).
This ensures that you can fall back to HTTP if problems occur.
4. Go to Network > SSL certificates:
a. Scroll to the HTTPS trust store section.
b. Set Client certificate security to Certificate-based authentication allowed.
Do NOT set Client certificate security to Certificate-based authentication required yet.
c. Click Apply changes.
5. Now test that you are able to log in to the MCU over an HTTPS connection using a certificate. Only
proceed to the next step if you can successfully log in with a certificate.
6. Assuming the previous step succeeded, go to the Client certificate security option again and this time
set it to Certificate-based authentication required.
7. Click Apply changes and confirm at the prompt.
It is now not possible to log in over HTTP. To log in over HTTPS requires a valid client certificate signed
by a certificate authority, which matches the HTTPS trust store on the MCU.
8. Do one of the following, as appropriate for your configuration:
l Go to Network > Services and disable HTTP.
l Go to Settings > Security and enable Redirect HTTP requests to HTTPS.
Document revision history
Date Revision Description
December 2012 16 Release version.