User`s guide
Administrator’s Guide for Polycom HDX Systems
8–32 Polycom, Inc.
To configure OCSP on the Polycom HDX web interface:
1 Go to Admin Settings > General Settings > Security > Revocation.
2 Configure the following settings on the Revocation screen:
Deleting Certificates and CRLs
In some cases, expired certificates or CRLs might prevent you from accessing
the web interface. You can use the local interface to reset your system without
certificates, to restore access to the web interface.
To delete all certificates and CRLs the HDX system is using:
1 In the local interface, go to System > Diagnostics > Reset System.
2 Enter your system’s Serial Number.
3 Enable the Delete Certificates field.
4 Select Reset System.
The HDX system restarts after deleting all installed certificates and CRLs.
Setting Description
Revocation Method Specifies whether to use CRL or OSCP for
revocation.
Allow Incomplete
Revocation Checks
When this field is enabled, the HDX system
requests the revocation status from the OCSP
responder.
• If the OCSP responds that the status is
unknown or if no response is received for any
certificate in the chain, the system continues
checking and accepts the connection if no
other validation errors occur.
• If the OCSP responder indicates a known
revoked status, the HDX system does not allow
the connection.
• If the OCSP responder indicates a known good
status, the HDX system allows the connection.
Global Responder Address Specifies the URI of the responder that services
OCSP requests (for example,
http://responder.example.com/ocsp
). This
responder is used for all OCSP validation
Use Responder Specified
in Certificate
In some cases, the certificate itself includes the
responder address. When this field is enabled, the
HDX system uses the address in the certificate
(when present) instead of the Global Responder
Address specified in the previous field.