Administrator’s Guide for the Polycom RealPresence Group Series Security
Polycom, Inc. 123
2 Configure these settings on the Revocation page and click Save.
Certificates and Security Profiles within a Provisioned System
When your RealPresence Group system is provisioned through the RealPresence Resource Manager
system and you use PKI certificates, consider the following information. Be sure to enable provisioning after
you follow the procedures applicable to each Security Profile type.
● To use the Maximum Security Profile with provisioning:
The RealPresence Resource Manager system must be using Maximum Security Mode.
You must manually assign the Maximum Security Profile to the RealPresence Group endpoint
during installation using the setup wizard, or afterwards using the web interface.
You must use full PKI and observe the following procedures before you enable provisioning on
the RealPresence Group endpoint:
Setting Description
Revocation Method Select the OSCP method.
Allow Incomplete
Revocation Checks
When this field is enabled, the RealPresence Group system treats the following
response from the OCSP responder as a successful revocation checks that would
otherwise be considered a failed check:
• If the OCSP responder responds that the status is unknown or if no response is
received, the system treats this as a successful revocation check.
Regardless of the state of this setting, the following statements apply:
• If the OCSP responder indicates a known revoked status, the RealPresence
Group system treats this as a revocation check failure and does not allow the
connection.
• If the OCSP responder indicates a known good status, the RealPresence Group
system treats this as a successful revocation check and allows the connection.
Global Responder Address Specifies the URI of the responder that services OCSP requests (for example,
http://responder.example.com/ocsp). This responder is used for all
OCSP validation when Use Responder Specified in Certificate is disabled, and
is sometimes used even when Use Responder Specified in Certificate is
enabled. Polycom therefore recommends that you always enter a Global
Responder Address regardless of the value chosen for the Use Responder
Specified in Certificate setting.
Use Responder Specified
in Certificate
In some cases, the certificate itself includes the responder address. When this field
is enabled, the RealPresence Group system attempts to use the address in the
certificate (when present) instead of the Global Responder Address specified in
the previous field.
Note: The Polycom RealPresence Group system supports only the use of HTTP
URLs in the AIA field of a certificate when Use Responder Specified in
Certificate is enabled.
If you use OCSP, you might need to install one or more additional CA certificates on the
RealPresence Group system, for validation of the OCSP response messages.
To Next Page
Loading...
