Help contents >
Advanced topics >
Configuring SSL certificates
|
搜尋/列印 索引 |
If the MCU has the Secure management (HTTPS) or Encryption feature key installed, and you enable Secure web on the page, you will be able to access the web interface of the MCU using HTTPS. The MCU has a local certificate and private key pre-installed and this will be used by default when you access the unit using HTTPS. However, we recommend that you upload your own certificate and private key to ensure security as all MCUs have identical default certificates and keys.
To upload your own certificate and key, go to
. Complete the fields using the table below for help and click . Note that you must upload a certificate and key simultaneously. After uploading a new certificate and key, you must restart the MCU.If you have uploaded your own certificate and key, you can remove it later if necessary; to do this, click
.The table below details the fields you see on the
page.Field | Field description | Usage tips |
Local certificate | ||
Subject | The details of the business to which the certificate has been issued:
|
|
Issuer | The details of the issuer of the certificate. |
Where the certificate has been self-issued, these details will be the same as for the Subject. |
Issued | The date on which the certificate was issued. |
|
Expires | The date on which the certificate will expire. |
|
Private key | Whether the private key matches the certificate. |
Your web browser uses the SSL certificate's public key to encrypt the data that it sends back to the MCU. The private key is used by the MCU to decrypt that data. If the Private key field shows 'Key matches certificate' then the data is securely encrypted in both directions. |
Local certificate configuration | ||
Certificate | If your organization has bought a certificate, or you have your own way of generating certificates, you can upload it. Browse to find the certificate file. |
|
Private key | Browse to find the private key file that accompanies your certificate. |
|
Private key encryption password | If your private key is stored in an encrypted format, you must enter the password here so that you can upload the key to the MCU. |
|
Trust store | ||
Subject | The details of the business to which the trust store certificate has been issued:
|
|
Issuer | The details of the issuer of the trust store certificate. |
Where the certificate has been self-issued, these details will be the same as for the Subject. |
Issued | The date on which the trust store certificate was issued. |
|
Expires | The date on which the trust store certificate will expire. |
|
Trust store | You can upload a 'trust store' of certificates that the MCU will use to verify the identity of the other end of a TLS connection. If you have a trust store certificate on the MCU, you can delete it; to do so, click .The trust store must be in '.pem' format. |
Note that uploading a new trust store replaces the existing store. |
Certificate verification settings | Choose to what extent the MCU will verify the identity of the far end for a connection:
|
The trust store contains 'master' certificates that can be used to verify the identity of a certificate presented by the far end. Outgoing connections are connections such as SIP calls which use TLS. |
(c) Copyright Cisco Systems 2003-2010, 授權資訊 |