Managing Certificates And Revocation; Generating Certificate Signing Requests (Csrs) - Polycom RealPresence Group 550 Administrator's Manual

Administrator's Guide for the Polycom RealPresence Group Series
● ID associated with the session, typically Admin or User
● Remote IP address (that is, the addresses of people logged in to the RealPresence Group system
from their computers)
To view the Sessions List:
» From the local interface, go to Settings > System Information > Diagnostics > Sessions.
» From the web interface, go to Diagnostics > System > Sessions.

Managing Certificates and Revocation

If your organization has deployed a public key infrastructure (PKI) for securing connections between
devices on your network, Polycom recommends that you have a strong understanding of certificate
management and how it applies to Polycom RealPresence Group Series products before you integrate
these products with the PKI.
Polycom RealPresence Group systems can use certificates to authenticate network connections to and
from the Polycom RealPresence Group system. Other web applications also use certificates, as you might
notice when you navigate the Internet. The system uses configuration and management techniques typical
of PKI to manage certificates, certificate signing requests, and revocation checking. ANSI X.509 standards
regulate the characteristics of certificates and revocation.
Polycom RealPresence Group systems can generate requests for certificates (CSRs) that can be then sent
to a certificate authority (CA) for official issuance. The CA is the trusted entity that issues, or signs, digital
certificates for others. Once signed by the CA, you can install the certificate on the RealPresence Group
system for use in all TLS connections used by the system.
RealPresence Group systems support, and typically require, the generation and use of two separate
certificates when used in an environment that has a fully deployed PKI:
1 A Server certificate—the RealPresence Group system's web server presents this certificate after
receiving connection requests from browsers attempting to connect to the RealPresence Group
system web interface.
2 A Client certificate—the RealPresence Group system presents this certificate to a remote server
when challenged to provide a certificate as part of authenticating the identity of the RealPresence
Group system before allowing it to connect to the remote server. Examples of remote servers
include the RealPresence
directory server.
When RealPresence Group systems are deployed in an environment that does not have a fully deployed
PKI, you do not need to install these certificates because all RealPresence Group systems automatically
generate self-signed certificates that can be used to establish secure TLS connections. However, when a
full PKI has been deployed, self-signed certificates are not trusted by the PKI and so signed certificates must
be used. The following sections describe how to generate and use certificates by using the Polycom
RealPresence Group system web interface.

Generating Certificate Signing Requests (CSRs)

The RealPresence Group system allows you to install one client and one server certificate for identification
of the RealPresence Group system to network peers. In order to obtain these certificates you must first
generate a Certificate Signing Request (CSR) for each certificate. This request, also known as an unsigned
certificate, must be submitted to a CA so that it can be signed, after which the certificate can be installed on
Polycom, Inc.
®
Resource Manager system, a SIP proxy/registrar server, or an LDAP
Security
118