Recover Video Communications Server (VCS) Web interface - revoked Certificate

Available Languages

Download Options

  • PDF     (187.2 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (226.7 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (242.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 10, 2020
Document ID:200628

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the scenario where certificate on Video Communications Server (VCS) servers has been revoked and as a result the Graphical User Interface (GUI) is not accessible.

Components used

VCS with expired server certificate

Problem

In this scenario you would not have access to VCS GUI and an attempt to access the VCS through GUI will give you an error that the certificate of the VCS server has been revoked

Solution

To mitigate the issue you would need to revert to default certificates on the VCS. This will enable GUI access and then certificates will need to be re-generated.

You can achieve the above task in either of the two ways:

  1. Using an Secure Copy Protocol (SCP) software (for eg: WinSCP)
  2. Using root Command Line Interface (CLI)

SCP Application (for eg: WinSCP)

  • Using Secure File Transfer Protocol (SFTP) application (for eg: WinSCP), navigate to the directory /tandberg/persistent/certs after you login using root credetnials for VCS

  • Remove (KEEP BACKUP) server.pem, privkey.pem, ca.pem, client-ca.crl, policy-services.crl
  • Restart HTTP service from root (/etc/init.d/S80httpd restart)

ROOT CLI

Use any SSH client and ssh to VCS using root credetials.


For versions prior to VCS 12.5(all 8.x versions), replace the existing certificates with the default certificates using the following commands:

~ # cp /tandberg/persistent/certs/server.pem.default /tandberg/persistent/certs/server.pem

~ # cp /tandberg/persistent/certs/privkey.pem.default /tandberg/persistent/certs/privkey.pem

~ # cp /tandberg/persistent/certs/ca.pem.default /tandberg/persistent/certs/ca.pem

~ # cp /tandberg/persistent/certs/client-ca.crl.default /tandberg/persistent/certs/client-ca.crl

~ # cp /tandberg/persistent/certs/policy-services.crl.default /tandberg/persistent/certs/policy-services.crl

~ # /etc/init.d/S80httpd restart

For version 12.5 the the defaults certificates dont exist anymore under:

~ # cd /tandberg/persistent/certs

~ # ls

You will not see the .default certs here.


You need to delete the server.pem and reboot the VCS which will revert the VCS to default certificates.

~ # rm server.pem

~ # reboot


TAC Authored

Contributed by Cisco Engineers

  • Ishan Sambhi
    Cisco TAC Engineer
  • Prashant Kapur
    Cisco TAC Engineer
  • Rafael Amaya
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products