Managing Certificates
Topics:
• Certificate Validation
• Create a Certificate Signing Request
• Install a Certificate
If your organization has deployed a public key infrastructure (PKI) for securing connections between
devices on your network, Polycom recommends that you have a strong understanding of certificate
management and how it applies to G200 systems before you integrate these products with the PKI.
G200 systems can use certificates to authenticate network connections to and from the G200 system.
The system uses configuration and management techniques typical of PKI to manage certificates and
certificate signing requests.
G200 systems can generate requests for certificates (CSRs) that can be then sent to a certificate
authority (CA) for official issuance. The CA is the trusted entity that issues, or signs, digital certificates for
others. Once signed by the CA, you can install the certificate on the G200 system for use in all TLS
connections used by the system.
G200 systems support, and typically require, the generation and use of one server certificate in .pem
format when used in an environment that has a fully deployed PKI. The G200 system's web server
presents this certificate after receiving connection requests from browsers attempting to connect to the
G200 system web interface.
When G200 systems are deployed in an environment that doesn’t have a fully deployed PKI, you don’t
need to install these certificates because all G200 systems automatically generate self-signed certificates
that can be used to establish secure TLS connections. However, when a full PKI is deployed, self-signed
certificates are not trusted by the PKI and signed certificates must be used.
Certificate Validation
Certificates are authorized externally when they are signed by the CA.
The certificates can be automatically validated when they are used to establish an authenticated network
connection. To perform this validation, the G200 system must have certificates installed for all CAs that
are part of the trust chain. A trust chain is the hierarchy of CAs that have issued certificates from the
device being authenticated, through the intermediate CAs that have issued certificates to the various
CAs, leading back to a root CA, which is a known trusted CA.
A certificate exchange is between a server and a client, both of which are peers. When a user is
accessing the G200 system web interface, the G200 system is the server and the web browser is the
client application.
31
To Next Page
Loading...
Need help?
General
