Certificate Revocation - Polycom G7500 Administrator's Manual

Hide thumbs Also See for G7500:

Reference manual (103 pages)

User manual (42 pages)

Release notes (14 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

Table of Contents

Certificate Revocation

During certificate validation, your G7500 system checks whether certificates used for secure

communications are revoked by their issuing CAs.

Your system can check certificate revocation status with one of the following standard methods:

•

Certificate Revocation List (CRL): File containing a list of certificates revoked by their issuing CA.

You must manually upload CRLs to your system.

•

Online Certificate Status Protocol (OCSP): Your system contacts an OCSP responder, a web

server that provides revocation status through a query/response exchange.

Manually Upload a CRL

You can use CRLs to perform certificate revocation checks on your G7500 system.

Uploading a CRL fails unless you install all of the certificates in the issuing CA's chain of trust for that

CRL.

This option is not available if your CRL is provisioned to the system.

Procedure

1. In the system web interface, go to Security > Certificates.

2. Configure the following settings:

Setting

Revocation Method

Allow Incomplete Revocation Checks

3. Select Save.

4. Select Upload CRL File to add a CRL.

You aren't limited to how many CRLs you can install, but you can only upload 10 at a time.

Successfully-uploaded CRLs display on the page and include information about the issuing CA, when the

CRL was updated, and when it's scheduled to update again.

Delete a CRL

You can remove CRLs that were previously uploaded on the G7500 system.

This option is not available if your CRL is provisioned to the system.

Procedure

1. In the system web interface, go to Security > Certificates.

2. Under Revocation, select Trash

Configure the OCSP Method

You can use the OCSP method to perform certificate revocation checks on your G7500 system.

Procedure

1. In the system web interface, go to Security > Certificates.

2. Configure the following settings:

Polycom, Inc.

Description

To use the CRL revocation method, select CRL.

When enabled, a certificate in the chain of trust

validates without a revocation check if no

corresponding CRL from the issuing CA is installed.

next to the CRL you want to delete.

Securing the System

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

Certificate Revocation - Polycom G7500 Administrator's Manual

Certificate Revocation

Hide quick links:

Related Manuals for Polycom G7500

Related Content for Polycom G7500

Table of Contents