Security
Polycom, Inc. 8–29
Certificates and Security Profiles within a Provisioned System
When your HDX system is provisioned through the RealPresence Resource
Manager system and you use PKI certificates, consider the following
information. Be sure to enable provisioning after you follow the procedures
applicable to each Security Profile type.
• To use the Maximum Security Profile with provisioning:
1 The RealPresence Resource Manager system must be using
Maximum Security Mode.
2 You must manually assign the Maximum Security Profile to the HDX
endpoint during installation using the setup wizard.
3 You must observe the following procedures before you enable
provisioning on the HDX endpoint:
a You must install a signed client certificate on the HDX system to
enable the provisioning connection to be authenticated by the
RealPresence Resource Manager system.
Global Responder Address Specifies the URI of the responder that services
OCSP requests (for example,
http://responder.example.com/ocsp)
. This
responder is used for all OCSP validation when
Use Responder Specified in Certificate is
disabled, and is sometimes used even when Use
Responder Specified in Certificate is enabled.
Polycom therefore recommends that you always
enter a Global Responder Address regardless of
the value chosen for the Use Responder
Specified in Certificate setting.
Use Responder Specified
in Certificate
In some cases, the certificate itself includes the
responder address. When this field is enabled, the
HDX system attempts to use the address in the
certificate (when present) instead of the Global
Responder Address specified in the previous
field.
Note: The Polycom HDX system supports only the
use of HTTP URLs in the AIA field of a certificate
when Use Responder Specified in Certificate is
enabled.
If you use OCSP, you might need to install one or more additional CA certificates on
the HDX system, for validation of the OCSP response messages.
Setting Description
Artisan Technology Group - Quality Instrumentation ... Guaranteed | (888) 88-SOURCE | www.artisantg.com