User`s guide

ManualsBrandsReal Tone Technologies ManualsComputer equipmentRS530

201

202

203

204

205

206

207

208

209

210

Security

Polycom, Inc. 8–29

You can select a certificate in the list to view its contents. You can also remove

a certificate from the list by clicking Remove.

When you add a CA certificate to the HDX system, the certificate becomes

trusted for the purpose of validating peer certificates.

Using Certificate Signing Requests (CSRs)

The HDX system allows you to install one client and one server certificate for

identification of the HDX system to network peers. Whether you need these

client-type or server-type identity certificates depends on which HDX features

and services you intend to use, and whether your network environment

supports certificate-based authentication for those services.

For example, if your HDX system is configured to use the following features,

you might need to create a client-type CSR and add the resulting certificate

approved by the CA:

• Provisioning

• CMA or RealPresence Resource Manager System Monitoring

• Directory

• Presence

• Calendaring

• SIP

• 802.1X

Only the HDX web server uses the server-type CSR and resulting certificate.

That is, the server certificate does not validate the client identity on the HDX

system, but it does identify the HDX system to the browser. You need the

server certificate if, as the browser user, you want to be certain about the

identity of the HDX system you're connecting to. Settings in the web browser

typically validate the server certificate, but you can also validate the certificate

manually.

The following applications are either disabled in Security Mode, or do not use

digital certificates:

• Telnet

• H.323

• Global Management System™

If your HDX system uses features that require certificates and does not have

the certificates installed, you must first create a CSR. You can create one client

and one server CSR and submit each to the appropriate CA for signing. After

the CSR is signed by a CA, it becomes a certificate you can add to the HDX

system. If you create additional client or server CSRs on the HDX system, they

replace the existing CSR of the same type.

If you do not add the certificates for the HDX system before using the HDX web

interface, you might receive error messages from your browser stating that the

security certificate for the web site “Polycom” cannot be verified.