Security
Polycom, Inc. 8–23
deployed, self-signed certificates are not trusted by the PKI and so signed
certificates must be used. The following sections describe how to generate and
use certificates by using the Polycom HDX web interface.
Generating Certificate Signing Requests (CSRs)
The HDX system allows you to install one client and one server certificate for
identification of the HDX system to network peers. In order to obtain these
certificates you must first generate a Certificate Signing Request (CSR) for each
certificate. This request, also known as an unsigned certificate, must be
submitted to a CA so that it can be signed, after which the certificate can be
installed on the HDX system. Whether you need to generate a client-type CSR,
a server-type CSR, or both depends on which features and services you intend
to use, and whether your network environment supports certificate-based
authentication for those services. In most cases, both certificates are needed.
For example, if your HDX system is configured to use any of the following
features, and the servers providing those services perform certificate-based
authentication before allowing access to them, you must create a client-type
CSR and add the resulting certificate signed by the CA:
• RealPresence Resource Manager system Provisioning
• RealPresence Resource Manager system Monitoring
• RealPresence Resource Manager system LDAP Directory
• RealPresence Resource Manager system Presence
• Calendaring
• SIP
• 802.1X
The HDX system web server uses the server-type CSR and resulting certificate
whenever a user attempts to connect to the HDX web interface. The web server
does so by presenting the server certificate to the browser to identify the
system to the browser as part of allowing the browser to connect to the system.
The browser’s user needs the server certificate if he or she wants to be certain
about the identity of the HDX system he or she is connecting to. Settings in the
web browser typically control the validation of the server certificate, but you
can also validate the certificate manually.
To obtain a client or server certificate, you must first create a CSR. You can
create one client and one server CSR and submit each to the appropriate CA
for signing. After the CSR is signed by a CA, it becomes a certificate you can
add to the HDX system.
To create a CSR:
1 Go to Admin Settings > Security > Certificates.
Artisan Technology Group - Quality Instrumentation ... Guaranteed | (888) 88-SOURCE | www.artisantg.com
To Next Page
Loading...
Need help?
General
