McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 38

↗ View in doc context
page
38
source
unity-connection/v15/os-admin/os-admin.md
chunk_id
unity-connection::v15::os-admin::os-admin::33

Step 2 Check the Enable OCSP check box in the Online Certificate Status Protocol Configuration area. Step 3 Choose Use OCSP URI from Certificate if the certificate is configured with OCSP URI and that to be used to contact OCSP Responder. Step 4 Choose Use configured OCSP URI if external or configured URI is used to contact OCSP Responder. Enter the URI of the OCSP Responder, where certificate revocation status is verified, in the OCSP Configured URI field. Step 5 Check the check box for Enable Revocation Check to perform the revocation check. The certificate revocation service is active for LDAP and IPSec connections, when revocation and expiry check enterprise parameter is set to enabled. Note Step 6 Enter the Check Every value to check the periodicity of the certificate revocation status. • Click Hours or Days to check the revocation status hourly or daily. Step 7 Click Save. You must upload the OCSP Responder certificate to tomcat-trust before enabling OCSP. Warning The Certificate revocation status check is performed only during upload of a Certificate or Certificate chain and the appropriate alarm will be raised if a certificate is revoked. The Cisco Certificate Expiry Monitor service must be restarted to ensure certificate revocation. Navigate to Cisco Unified Serviceability > Tool > Control Center - Network Services and restart the Cisco Certificate Expiry Monitor service. Note Generating IPSEC Certificate To generate or regenerate the ipsec certificate on standalone or cluster, follow this procedure: Step 1 Navigate to Security > Certificate Management. The Certificate List window displays. Step 2 Click Generate Self-signed > or > Generate CSR. The Generate Certificate dialog box opens. Step 3 Select ipsec from the Certificate Purpose drop-down list. Step 4 Click Generate. After generating the certificate, ipsec and ipsec trust will be updated with the certificate for standalone or publisher server. Step 5 In case of subscriber server, follow Step 1 to Step 4 for generating ipsec certificate. After generating, download the ipsec certificate from subscriber server. Step 6 Navigate to Security > Certificate Management on subscriber server. Step 7 Click Upload Certificate/Certificate Chain. The Upload Certificate Trust List dialog box opens. Step 8 Select the ipsec-trust from the Certificate Purpose drop-down list. Step 9 Browse the certificate and click Upload. Cisco Unified Communications Operating System Administration Guide for Cisco Unity Connection Release 15 32 Security Generating IPSEC Certificate