Certificate Requirements - Polycom RealPresence 4000 Administrator's Manual

RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator's Guide
•
The certificate template used by your CA server may need modification to meet the
Collaboration Server requirements.

Certificate Requirements

Secure Mode
Table F-3 on page
validation for user logging session field.
Ultra Secure Mode
In Ultra Secure Mode, each Polycom device must have security certificates for the entire
Chain Of Trust.
The Collaboration Server must have:
•
The public certificates of the chain that issued the administrator's identity certificate. For
example: UserRootCA  UserIntermediateCA  UserSubCA
For more information seethe Ultra Secure Mode chapter, "Certificate Validation" on page
and "Certificate Revocation" on page 1-15.
Configure Certificate Management
Within a PKI environment, certificate revocation policies are used to ensure that certificates
are valid. Certificates can expire or be revoked for various reasons (RFC 5280).
The Collaboration Server enforces these certificate revocation policies through Certificate
Revocation Lists (CRLs). CRLs are required for each CA Chain in use by the Collaboration
Server. These CRL files must be kept current. For more information see the Ultra Secure Mode
chapter, "Certificate Configuration and Management" on page
Infrastructure" on page 1-5.
Switching to Secure Mode
The following operations are required to switch the RMX to Secure Mode:
•
•
•
F-2
Support of Extended Key Usage (EKU) for both:
— Client Authentication
— Server Authentication
F-4 summarizes certificate requirements depending on the Skip certificate
The public certificate of each server in the CA Chain or hierarchy that issued its
certificate.
For example: RootCA  IntermediateCA  SubCA
Purchase and Install the SSL/TLS certificate
Modify the Management Network settings
Create/Modify the relevant System Flags
F-1 and "(PKI) Public Key
Polycom, Inc.
1-12