Custom Certificates
Note
Local
Local Phone User
Interface
Incoming Signaling Validation
Central
Configuration File:
sip.cfg
(provisioning
server)
Secure Real-Time Transport Protocol
The phone trusts certificates issued by widely recognized certificate
authorities when trying to establish a connection to a provisioning server for
application provisioning. Refer to
C-1.
In addition, custom certificates can be added to the phone. This is done by
using the SSL Security menu on the phone to provide the URL of the custom
certificate then select an option to use this custom certificate.
For more information on using custom certificates, refer to "Technical Bulletin
17877: Using Custom Certificates With SoundPoint IP Phones" at
http://www.polycom.com/support/voice/soundpoint_ip/VoIP_Technical_Bulletins_pu
b.html
.
Configuration changes can be performed locally:
The custom certificate can be specified and the type of certificate to
trust can be set under the Settings menu.
The three optional levels of security for validating incoming network signaling
are:
•
Source IP address validation
•
Digest authentication
•
Source IP address validation and digest authentication
Configuration changes can be performed centrally at the provisioning server:
Specify the type of validation to perform on a request-by-request
basis, appropriate to specific event types in some cases.
•
For more information, refer to
<requestValidation/>
Secure Real-Time Transport Protocol (SRTP) provides means of encrypting the
audio stream(s) of VoIP phone calls to avoid interception and eavesdropping
on phone calls. Both RTP and RTCP signaling may be encrypted using an AES
algorithm as described in RFC3711. When this feature is enabled, phones will
negotiate with the other end-point whether and what type of encryption or
Trusted Certificate Authority List
Request Validation
on page A-19.
Configuring Your System
on page
4 - 93