Administrator’s Guide for the Polycom RealPresence Group Series Security
Polycom, Inc. 121
When you add a CA certificate to the RealPresence Group system, the certificate becomes trusted for the
purpose of validating peer certificates.
Configuring Certificate Validation Settings
Certificates are authorized externally when they are signed by the CA. The certificates can be automatically
validated when they are used to establish an authenticated network connection. To perform this validation,
the RealPresence Group system must have certificates installed for all CAs that are part of the trust chain.
A trust chain is the hierarchy of CAs that leads from the certificate of the device being authenticated,
through the intermediate CAs that issued certificates to the CAs below them, back to a root CA,
which is a known trusted CA. The following sections describe how to install and manage these certificates.
A certificate exchange takes place between a server and a client, both of which are peers. When a user is accessing
the RealPresence Group system web interface, the RealPresence Group system is the server and the web
browser is the client application. In other situations, such as when the RealPresence Group system
connects to LDAP directory services, the RealPresence Group system is the client and the LDAP directory
server is the server.
To configure certificate usage:
1 Go to Admin Settings > Security > Certificates > Certificate Options.
2 Configure these settings on the Certificates screen and click Save.
Configuring Certificate Revocation Settings
When certificate validation is enabled (refer to Configuring Certificate Validation Settings on page 121), the
RealPresence Group system tries to validate the peer certificate chain on secure connection attempts for
the applicable network services.
Part of the validation process includes a step called revocation checking. This type of check involves
consulting with the CA that issued the certificate in question to see whether the certificate is still active or
has been revoked for some reason. Revoked certificates are considered invalid because they might have
been compromised in some way or improperly issued, or for other similar reasons. The CA is responsible

Note: If you do not add the server certificate for the RealPresence Group system before using the web
interface, you might receive error messages from your browser stating that the security certificate for
the web site “Polycom” cannot be verified. Most browsers allow the user to proceed after this warning
is displayed. See the Help section of your browser for instructions on how to do this.

| Setting | Description |
| --- | --- |
| Maximum Peer Certificate Chain Depth | Specifies how many links a certificate chain can have. The term peer certificate refers to any certificate sent by the far-end host to the RealPresence Group system when a network connection is being established between the two systems. |
| Always Validate Peer Certificates from Browser | Controls whether the RealPresence Group system requires a browser to present a valid certificate when it tries to connect to the web interface. |
| Always Validate Peer Certificates from Server | Controls whether the RealPresence Group system requires the remote server to present a valid certificate when connecting to it for services such as those listed for client-type CSRs in Generating Certificate Signing Requests (CSRs) on page 118 (provisioning, directory, SIP, and so forth). |
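
The validation decision described in these sections (walking the trust chain through installed CA certificates, the chain depth limit, and revocation checking) can be modelled as follows. This is an added example, not Polycom code: the certificate names are constructed, signature and validity-period checks are omitted, and counting every certificate from leaf to root toward the depth limit is an assumption, since the guide does not say how links are counted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int

def validate_peer_cert(leaf, installed_cas, max_depth, revoked):
    """Model of the validation decision; returns (ok, reason).

    installed_cas: CA certificates installed on the validating system.
    max_depth: ASSUMPTION - counts every certificate, leaf through root.
    revoked: (issuer, serial) pairs standing in for the CA's revocation data.
    Signature and validity-period checks are omitted from this model.
    """
    cas = {c.subject: c for c in installed_cas}
    current, depth = leaf, 1
    while True:
        if (current.issuer, current.serial) in revoked:
            return False, "revoked:" + current.subject
        if current.subject == current.issuer:      # self-signed: end of chain
            if cas.get(current.subject) == current:
                return True, "ok"
            return False, "untrusted-root:" + current.subject
        issuer = cas.get(current.issuer)
        if issuer is None:                         # a CA in the chain is not installed
            return False, "missing-ca:" + current.issuer
        depth += 1
        if depth > max_depth:
            return False, "too-deep"
        current = issuer

# Constructed sample data (hypothetical names, not from the guide).
ROOT = Cert("Example Root CA", "Example Root CA", 1)
ISSUING = Cert("Example Issuing CA", "Example Root CA", 2)
LDAP = Cert("ldap.example.test", "Example Issuing CA", 1001)

if __name__ == "__main__":
    cases = {
        "full chain installed": ([ROOT, ISSUING], 3, set()),
        "intermediate CA not installed": ([ROOT], 3, set()),
        "depth limit of 2": ([ROOT, ISSUING], 2, set()),
        "server certificate revoked": ([ROOT, ISSUING], 3, {("Example Issuing CA", 1001)}),
    }
    for name, (cas, depth, revoked) in cases.items():
        print(name, "->", validate_peer_cert(LDAP, cas, depth, revoked))
```

The second case is the one the guide warns about: with only the root installed, validation fails even though the server certificate itself is sound.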