Polycom RealPresence Group 550 Administrator's Manual page 122

RealPresence Group Series video conferencing system

Administrator's Guide for the Polycom RealPresence Group Series
for maintaining the revocation status of every certificate that it issues. The RealPresence Group system can
check this revocation status by using either of the following methods:
● Certificate revocation lists (CRLs). A CRL is a list of certificates that have been revoked by the CA.
A CRL must be installed on the RealPresence Group system for each CA whose certificate has been
installed on the system.
● The Online Certificate Status Protocol (OCSP). OCSP allows the RealPresence Group system to
contact an OCSP responder, which is a network server that provides real-time certificate status
through a query/response message exchange.
You must configure the RealPresence Group system to use the revocation method most appropriate for
your environment.
To use CRLs:
1 Go to Admin Settings > Security > Certificates > Revocation.
2 Configure these settings on the Revocation page and click Save.
| Setting | Description |
| --- | --- |
| Revocation Method | Select the CRL method. |
| Allow Incomplete Revocation Checks | When this field is enabled, a certificate in the chain is verified without a revocation status check if no corresponding CRL for the issuing CA is installed. The RealPresence Group system assumes that the lack of a CRL means the certificate is not revoked. If a CRL is installed, the system performs a revocation check when validating the certificate. |
| Add CRL | 1 Click Browse to search for and select a CRL. 2 Click Open to add the CRL to the list. |

You can also view automatically and manually downloaded CRLs on this page. To remove a CRL from the
list, click Remove.
The RealPresence Group systems automatically download CRLs from the Certificate Authorities
(CAs) that make CRLs available for retrieval by HTTP.
However, for CAs that do not allow HTTP retrieval of CRLs, the RealPresence Group system
administrator is responsible for manually installing and updating CRLs ahead of their expiration. It is
extremely important that CRLs be kept up to date.
If the Always Validate Peer Certificates from Browsers setting is enabled and the expired CRL is
for a CA that is part of the trust chain for the client certificate sent by your browser, you will no longer
be able to connect to the RealPresence Group system web interface because the revocation check
will always fail. In this case, unless the RealPresence Group system web interface can be accessed
by a user whose client certificate's trust chain does not include the CA whose CRL is expired, you
must delete all certificates and CRLs from the system and then reinstall them. See Deleting
Certificates and CRLs on page 124 for more information.
To use OCSP:
1 Go to Admin Settings > Security > Certificates > Revocation.

Polycom, Inc.
Security
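The CRL behaviour described on this page (the fail-open effect of Allow Incomplete Revocation Checks, and the rejection caused by an expired CRL) can be modelled in a few lines of Python; this is an added illustration, not Polycom's code. The function name, the data layout, the 14-day warning window and the rejection when the setting is disabled and a CRL is missing are assumptions.

```python
from datetime import datetime, timedelta, timezone

def check_chain(chain, crls, allow_incomplete, now, warn_days=14):
    """Model of the CRL behaviour described above (not Polycom's code).

    chain: dicts with subject/issuer/serial, leaf first, trust anchor excluded.
    crls:  issuer name -> {"next_update": datetime, "revoked": set of serials}.
    Returns (accepted, notes).
    """
    notes = []
    for cert in chain:
        who, issuer = cert["subject"], cert["issuer"]
        crl = crls.get(issuer)
        if crl is None:
            if allow_incomplete:
                # Fail-open path: verified with no revocation status check.
                notes.append(f"{who}: no CRL for {issuer}, revocation NOT checked")
                continue
            # Assumption: with the setting disabled, a missing CRL is a failure.
            return False, notes + [f"{who}: no CRL installed for {issuer}"]
        if crl["next_update"] <= now:
            # An expired CRL makes the revocation check fail.
            return False, notes + [f"{who}: CRL for {issuer} has expired"]
        if cert["serial"] in crl["revoked"]:
            return False, notes + [f"{who}: serial {cert['serial']:#x} is revoked"]
        if crl["next_update"] - now <= timedelta(days=warn_days):
            notes.append(f"CRL for {issuer} expires {crl['next_update']:%Y-%m-%d}, replace it")
    return True, notes

# Constructed sample data: names, serials and dates are made up.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
CHAIN = [
    {"subject": "admin-browser", "issuer": "Example Issuing CA", "serial": 0x2002},
    {"subject": "Example Issuing CA", "issuer": "Example Root CA", "serial": 0x10},
]
ISSUING_CRL = {"next_update": NOW + timedelta(days=5), "revoked": {0x1001}}
EXPIRED_ROOT_CRL = {"next_update": NOW - timedelta(days=5), "revoked": set()}

if __name__ == "__main__":
    only_issuing = {"Example Issuing CA": ISSUING_CRL}
    both = {**only_issuing, "Example Root CA": EXPIRED_ROOT_CRL}
    for name, crls, allow in [("root CRL missing, setting on", only_issuing, True),
                              ("root CRL missing, setting off", only_issuing, False),
                              ("root CRL expired", both, True)]:
        ok, notes = check_chain(CHAIN, crls, allow, NOW)
        print(f"{name}: {'accept' if ok else 'reject'}", *notes, sep="\n    ")
```

The first case is accepted even though the intermediate certificate was never checked against a CRL, which is the trade-off the Allow Incomplete Revocation Checks setting makes.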
