Configuration and Maintenance Guide for Cisco Unified MeetingPlace Express Release 1.2
Managing Certificates for Cisco Unified MeetingPlace Express
Downloads: This chapterpdf (PDF - 214.0KB) The complete bookPDF (PDF - 5.53MB) | Feedback

Managing Certificates for Cisco Unified MeetingPlace Express

Table Of Contents

Managing Certificates for Cisco Unified MeetingPlace Express

About Certificates

Obtaining Certificates

Enabling SSL

Disabling SSL

Displaying a Certificate

Downloading a Certificate

Replacing Expired Certificates


Managing Certificates for Cisco Unified MeetingPlace Express


Revised: October 18, 2006, OL-11374-01

Topics in this section include:

About Certificates

Obtaining Certificates

Enabling SSL

Disabling SSL

Displaying a Certificate

Downloading a Certificate

Replacing Expired Certificates

The content in this chapter applies in the following cases:

You have a Cisco Unified MeetingPlace Express system.

You have a Cisco Unified MeetingPlace Express VT system.

About Certificates

To use Secure Sockets Layer (SSL) to provide secure web communications to and from Cisco Unified MeetingPlace Express, you must obtain two certificates from a trusted certificate authority (CA):

One for the end-user web interface and the Administration Center

One for web conferencing

Each certificate uses the digital signature of a trusted certificate authority (CA) to confirm that a cryptographic key belongs to a specific organization at a specific location. Each certificate also includes a validity period, after which the certificate expires.


Note Cisco Unified MeetingPlace Express does not support self-signed certificates.


Related Topics

Obtaining Certificates

Enabling SSL

Disabling SSL

Displaying a Certificate

Downloading a Certificate

Replacing Expired Certificates

Obtaining Certificates

This topic describes how to obtain certificates by generating certificate signing requests (CSRs) from the Administration Center and sending the CSRs to a CA that issues certificates.


Note You may have a different method for obtaining trusted certificates. If you use that method instead of completing this task, then note the following:

Make sure that you also obtain private keys and passwords.

We recommend that you save a copy of each SSL file on a separate server, in case you ever reinstall the operating system. If you reinstall or upgrade the Cisco Unified MeetingPlace Express application, the SSL files are preserved. If, however, you reinstall the operating system, the SSL files are not preserved.

Proceed to the "Enabling SSL" section.


Before You Begin


Caution If you already have valid SSL certificates installed on your Cisco Unified MeetingPlace Express server, generating new CSRs will make the existing SSL certificates invalid. Proceed only if you are installing SSL certificates for the first time or if you are replacing expired SSL certificates.

SSL must be disabled to generate CSRs.

Choose a trusted CA that issues certificates in privacy enhanced mail (PEM) format. Other certificate formats, such as Distinguished Encoding Rules (DER), are not supported.

The CSRs and resulting certificates use the hostnames that were entered during the Network Setup of the operating system (OS) installation:

The certificate for the end-user web interface and Administration Center uses the hostname assigned to Ethernet Port 1 (device eth0).

The certificate for web conferencing uses the hostname assigned to Ethernet Port 2 (device eth1).

If you ever change the hostnames in your system, then you must obtain new certificates.

See the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express for information about installing the operating system.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click Certificate Management.

b. Click Generate CSRs.

Step 4 Enter values in the fields on the Generate Certificate Signing Requests (CSRs) page.

Step 5 Click Generate CSRs.


Note If SSL is currently enabled, the system displays a message stating that you cannot generate CSRs and takes you back to the Generate Certificate Signing Requests (CSRs) page. See Step 4.


Step 6 In the Download Certificate Signing Requests page, select either of the CSRs and click Download CSR.

Step 7 In the File Download dialog box, click Save.

Step 8 In the Save As dialog box, do the following:

a. In the Save in field, navigate to the directory where you want to save the CSR.

b. Under File name, the name of the file is displayed. If your browser added anything to the file name, such as [1] in the middle, delete that.

c. Under Save as type, select All Files from the drop-down list. (If you do not do this, the system saves the file with a .htm extension.)

d. Click Save.

Step 9 Repeat Step 6 through Step 8 for the other CSR.

Step 10 Send these two CSRs to a CA, who will generate certificates and send them to you.


Note The certificates must be in privacy enhanced mail (PEM) format.


Step 11 (Optional but recommended) Save a copy of each SSL file on a separate server, in case you ever reinstall the operating system.

If you reinstall or upgrade the Cisco Unified MeetingPlace Express application, the SSL files are preserved. If, however, you reinstall the operating system, the SSL files are not preserved.


Related Topics

Fields on the Generate Certificate Signing Requests (CSRs) Page, page C-69

About Certificates

Disabling SSL

About This Page: Download Certificate, page C-48

About This Page: Download Certificate Signing Request, page C-49

Enabling SSL

This topic describes how to upload certificates and enable SSL in Cisco Unified MeetingPlace Express.


Note Whether or not SSL is enabled, e-mail notifications use click-to-attend URLs that begin with "http" instead of "https." When SSL is enabled, the system automatically redirects users to an "https" URL.


Before You Begin

Obtain the two required certificates from a trusted certificate authority (CA). See the "Obtaining Certificates" section.

The certificates must be in privacy enhanced mail (PEM) format.

You must upload both certificates at the same time.

For SSL to work, both Ethernet ports must be accessible by end users. You cannot have one Ethernet port connected to an outside segment and the other connected to an inside segment unless connectivity is available between those segments. For complete information about installing Ethernet ports, see the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express.


Caution If you upload a certificate that will not be valid until a future date or time, the Cisco Unified MeetingPlace Express system cannot be accessed even after you restart the system. See the Installation and Upgrade Guide for Cisco Unified MeetingPlace Express for information on running a command to determine when the system will be available again.

If you upload a certificate that is valid starting immediately, the system remains accessible.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click Certificate Management.

b. Click Enable SSL.

Step 4 Enter values in the fields on the Enable SSL for the End-User Interface, Administration Center, and Web Conferencing page.


Caution Be sure to enter the correct values in these fields. If you inadvertently enter wrong values, the system may need to be restarted.


Note If SSL is already enabled, the Cisco Unified MeetingPlace Express system displays a message stating that SSL is already enabled for the End-User Interface, Administration Center, and web conferencing.


Step 5 Click Upload Certificates.

Step 6 In the dialog box, click OK to upload the certificates, update the configuration, and restart the server.

The system stores the certificate and other required SSL files, such as private keys and passwords, to the usr/local/enrollment/ directory.


Related Topics

About Certificates

Fields on the Enable SSL for the End-User Interface, Administration Center, and Web Conferencing Page, page C-64

Disabling SSL

Disabling SSL

This topic describes how to disable SSL in Cisco Unified MeetingPlace Express.

Restrictions

You cannot disable SSL for only one web interface, such as the end-user web interface, Administration Center, or web conferencing. Completing this task disables SSL completely for the system.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click Certificate Management.

b. Click Disable SSL.

Step 4 The system displays the Disable SSL page, with a message stating that disabling SSL interrupts system operations and stops all meetings in progress.


Note If SSL is already disabled, the Cisco Unified MeetingPlace Express system displays a message stating that SSL is already disabled for the End-User Interface, Administration Center, and web conferencing.


Step 5 Click Disable SSL.

Step 6 The system displays a dialog box stating that this will restart the server and to only proceed if you are sure. Click OK to update the configuration and restart the server.


Related Topics

About This Page: Disable SSL, page C-44

About Certificates

Displaying a Certificate

This topic describes how to view the contents of an uploaded certificate, such as the valid dates and signature.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click Certificate Management.

b. Click Display Certificate.

The Cisco Unified MeetingPlace Express system displays the names of your certificates.


Note If you do not have any certificates, the Cisco Unified MeetingPlace Express system displays a message stating that you have no certificates to display.


Step 4 Select a certificate and click Display Certificate to open it.

The system displays the contents of the certificate file.


Related Topics

About Certificates

About This Page: Display Certificate, page C-47

Downloading a Certificate

This topic describes how to download a copy of a certificate that was previously uploaded to Cisco Unified MeetingPlace Express. This task is useful for backing up your certificate files.

Procedure


Step 1 Log in to Cisco Unified MeetingPlace Express.

Step 2 Click Administration at the top of the page.

Step 3 On the left side of the page:

a. Click Certificate Management.

b. Click Download Certificates.

Step 4 On the Download Certificates page, select a certificate to download and click Download Certificate. The File Download dialog box appears.


Note If you do not have any certificates, the Cisco Unified MeetingPlace Express system displays a message stating that you have no certificates to download.


Step 5 Do one of the following:

To open the file, click Open.

To save the file, click Save.


Related Topics

About Certificates

About This Page: Download Certificate, page C-48

Replacing Expired Certificates

This topic describes how to replace expired certificates.

The Cisco Unified MeetingPlace Express system monitors the expiration date of each certificate and logs errors one month and one week before the certificate expires. These values cannot be configured.

Procedure

 
High-Level Task
Where to Find Instructions

Step 1 

Disable SSL.

Disabling SSL

Step 2 

Obtain the new certificates.

Obtaining Certificates

Step 3 

Upload the new certificates and enable SSL.

Enabling SSL

Related Topics

About Certificates

Displaying a Certificate