Cisco Webex计划于2021年3月启用新的证书颁发机构IdenTrust Commercial Root CA 1。对于通过Expressway连接Webex会议的用户，或使用Expressway的连接器，需要在2021年3月31日之前将新证书上传到其Expressway设备。大多数用户无需采取任何行动，但特定配置的用户需要手动更新证书，以确保连接的持续性和安全性。文章提供了详细的操作指南，帮助用户顺利完成证书更新。

🔑 从2021年3月开始，Webex将切换到新的证书颁发机构IdenTrust Commercial Root CA 1。

🛠️ 如果您使用Endpoints通过VCS-Expressway或Expressway Edge连接Webex视频平台，必须将新证书添加到VCS或Expressway的受信任根存储中。

⚙️ 对于使用Connector或Hybrid Service的用户，且未选择云证书管理，需要在VCS的受信任根存储中添加新证书。

📢 使用Cisco Webex Edge Audio的用户，或限制了访问URL以检查证书吊销列表的用户，也需要采取相应措施，包括添加证书和允许访问指定的CRL URL。

✅ 文章提供了在VCS-Control、VCS-Expressway、Expressway Core和Expressway Edge上上传新证书的详细步骤，包括下载证书文件和在Expressway设备上上传的操作。

Starting in March 2021, Cisco Webex will be moving to a new Certificate Authority, IdenTrust Commercial Root CA 1. Customers using Expressway to dial into Webex meetings, or one of the connectors that leverages Expressway, must upload the new certificate to their Expressway devices before March 31, 2021. In general, this change will be transparent and require no action from customers.You must take action if:- You are using Endpoints to connect to the Cisco Webex Video Platform through a Video Communication Server (VCS)-Expressway or Expressway Edge. You must add the new certificate into the Trusted Root Store of the VCS or Expressway.- You are using a Connector or Hybrid Service on a VCS-Control or Expressway Core and have not opted into Cloud Certificate Management. You must add the new certificate into the Trusted Root Store of the VCS.- You are using Cisco Webex Edge Audio through a VCS-Expressway, or Expressway Edge. You must add the certificate into the trusted root store of the VCS or Expressway.- You have restricted access to URLs for checking Certificate revocation lists. You must allow Webex clients to reach the Certificate Revocation List hosted at http://validation.identrust.com/crl/hydrantidcao1.crlWe have also added *.identrust.com into the list of URLs that must be allowed for certificate verification.- You are not using the default Certificate Trust Stores for your operating systems. You must add the certificate into your trusted root store. This certificate is contained within the default trust store of all major operating systems by default.Instruction on how to upload the new certificate onto a VCS-Control, VCS-Expressway, Expressway Core and Expressway Edge:Download the IdenTrust Commercial Root CA 1 here: https://www.identrust.com/identrust-commercial-root-ca-1 and save it as identrust_RootCA1.pemOn all your Expressway devices, navigate to Maintenance > Security > Trusted CA CertificateBrowse > Upload the identrust_RootCA1.pem > Append CA CertificateVerify the certificate successfully uploaded and is present in the VCS Expressway Trust Store
Mar 16, 17:57 UTC