Polycom RealPresence Group 550 Administrator's Manual page 119

Administrator's Guide for the Polycom RealPresence Group Series
the RealPresence Group system. Whether you need to generate a client-type CSR, a server-type CSR, or
both depends on which features and services you intend to use, and whether your network environment
supports certificate-based authentication for those services. In most cases, both certificates are needed.
For example, if your RealPresence Group system is configured to use any of the following features, and the
servers providing those services perform certificate-based authentication before allowing access to them,
you must create a client-type CSR and add the resulting certificate signed by the CA:
● RealPresence Resource Manager system Provisioning
● RealPresence Resource Manager system Monitoring
● RealPresence Resource Manager system LDAP Directory
● RealPresence Resource Manager system Presence
● Calendaring
● SIP
● 802.1X
The RealPresence Group system web server uses the server-type CSR and resulting certificate whenever
a user attempts to connect to the RealPresence Group system web interface. The web server does so by
presenting the server certificate to the browser to identify the system to the browser as part of allowing the
browser to connect to the system. The browser's user needs the server certificate if he or she wants to be
certain about the identity of the RealPresence Group system he or she is connecting to. Settings in the web
browser typically control the validation of the server certificate, but you can also validate the certificate
manually.
To obtain a client or server certificate, you must first create a CSR. You can create one client and one server
CSR and submit each to the appropriate CA for signing. After the CSR is signed by a CA, it becomes a
certificate you can add to the RealPresence Group system.
To create a CSR:
1 Go to Admin Settings > Security > Certificates > Certificate Options.
2 Click Create for the type of CSR you want to create, Signing Request Server or Signing Request
Client. The procedure is the same for server and client CSRs.
3 Configure these settings on the Create Signing Request page and click Create.
Setting
Hash Algorithm
Common Name (CN)
Organizational Unit (OU)
Organization (O)
City or Locality (L)
Polycom, Inc.
Description
Specifies the hash algorithm for the CSR. You may select SHA-256 or keep the
default SHA-1.
Specifies the name that the system assigns to the CSR.
Polycom recommends the following guidelines for configuring the Common Name:
• For systems registered in DNS, use the Fully Qualified Domain Name (FQDN)
of the system.
• For systems not registered in DNS, use the IP address of the system.
Specifies the unit of business defined by your organization.
Specifies your organization's name.
Specifies the city where your organization is located.
Security
119