How Certificates Are Used; Certificate Signing Requests - Polycom RealPresence Group Series Administrator's Manual

Systems can use certificates to authenticate network connections to and from the system. The system
uses configuration and management techniques typical of PKI to manage certificates, certificate signing
requests, and revocation checking. ANSI X.509 standards regulate the characteristics of certificates and
revocation. Polycom supports the following certificate file formats: .pem,.crt/.cert.
Related Links
Enable PKI Certificates on page 109
Configure 802.1x Authentication

How Certificates are Used

RealPresence Group Series systems can generate CSRs to send to a certificate authority (CA). (A CA is
a trusted entity that officially issues, or signs, digital certificates.) Once signed by the CA, you can install
the certificate on the system for its TLS connections.
Systems support, and typically require, two certificates when used in an environment with fully deployed
PKI:
• Server certificate: The system's web server presents this certificate after receiving connection
requests from browsers attempting to connect to the system's web interface.
• Client certificate: The system presents this to authenticate its identity while trying to connect to a
remote server. Examples of remote servers include the RealPresence Resource Manager system, a
SIP proxy/registrar server, or an LDAP directory server.
When systems are in an environment that does not have a fully deployed PKI, you do not need to create
and install these certificates because systems automatically generate self-signed certificates to establish
secure TLS connections. When a full PKI is deployed, however, self-signed certificates are not trusted
and CA-signed certificates must be used. The following sections describe how to generate and use
certificates by using the system web interface.
Related Links
Configure Certificate Validation Settings
Install Certificates on page 110
Configure 802.1x Authentication

Certificate Signing Requests

The RealPresence Group Series system lets you install one client and one server certificate so that
network peers can identify the system. Each of these certificates require a CSR. Also known as an
unsigned certificate, a CSR must be submitted to a CA to be signed, after which the certificate can be
installed on your system.
Related Links
Security Certificates for RealPresence Touch
Certificate Revocation on page 111
Related Links
Configure Certificate Validation Settings
Install Certificates on page 110
Configure the CRL Method
Configure 802.1x Authentication
Polycom, Inc.
on page 100
on page 109
on page 100
on page 224
on page 109
on page 112
on page 100
Securing the System
105