Configuring Certificate Validation Settings; Configuring Certificate Revocation Settings - Polycom RealPresence Group 550 Administrator's Manual

Administrator's Guide for the Polycom RealPresence Group Series
When you add a CA certificate to the RealPresence Group system, the certificate becomes trusted for the
purpose of validating peer certificates.
If you do not add the server certificate for the RealPresence Group system before using the web
interface, you might receive error messages from your browser stating that the security certificate for
the web site "Polycom" cannot be verified. Most browsers allow the user to proceed after this warning
is displayed. See the Help section of your browser for instructions on how to do this.

Configuring Certificate Validation Settings

Certificates are authorized externally when they are signed by the CA. The certificates can be automatically
validated when they are used to establish an authenticated network connection. To perform this validation,
the RealPresence Group system must have certificates installed for all CAs that are part of the trust chain.
A trust chain is the hierarchy of CAs that have issued certificates from the device being authenticated,
through the intermediate CAs that have issued certificates to the various CAs, leading back to a root CA,
which is a known trusted CA. The following sections describe how to install and manage these certificates.
A certificate exchange is between a server and a client, both of which are peers. When a user is accessing
the RealPresence Group system web interface, the RealPresence Group system is the server and the web
browser is the client application. In other situations, such as when the RealPresence Group system
connects to LDAP directory services, the RealPresence Group system is the client and the LDAP directory
server is the server.
To configure certificate usage:
1 Go to Admin Settings > Security > Certificates > Certificate Options.
2 Configure these settings on the Certificates screen and click Save.
Setting
Maximum Peer Certificate
Chain Depth
Always Validate Peer
Certificates from Browser
Always Validate Peer
Certificates from Server

Configuring Certificate Revocation Settings

When certificate validation is enabled (refer to
RealPresence Group system tries to validate the peer certificate chain on secure connection attempts for
the applicable network services.
Part of the validation process includes a step called revocation checking. This type of check involves
consulting with the CA that issued the certificate in question to see whether the certificate is still active or
has been revoked for some reason. Revoked certificates are considered invalid because they might have
been compromised in some way or improperly issued, or for other similar reasons. The CA is responsible
Polycom, Inc.
Description
Specifies how many links a certificate chain can have. The term peer
certificate refers to any certificate sent by the far-end host to the
RealPresence Group system when a network connection is being established
between the two systems.
Controls whether the RealPresence Group system requires a browser to
present a valid certificate when it tries to connect to the web interface.
Controls whether the RealPresence Group system requires the remote server
to present a valid certificate when connecting to it for services such as those
listed for client-type CSRs in
on page 118 (provisioning, directory, SIP, and so forth).
Configuring Certificate Validation Settings
Generating Certificate Signing Requests (CSRs)
Security
on page 121), the
121