Polycom 1725-31424-001 manual Root CA Certificate for the Polycom CX700 Phone


Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment

TLS (Transport Layer Security) and MTLS (Mutual Transport Layer Security) enable endpoint authentication and instant messaging (IM) encryption. Media streams are encrypted by using Secure Real-time Transport Protocol (SRTP).

These fundamental elements work together to define trusted users, servers, and connections. The resulting trust relationships provide the foundation on which the complete Microsoft Office Communications Server 2007 R2 security framework is built.

Root CA Certificate for the Polycom CX700 Phone

Microsoft Office Communications Server 2007 R2 relies on certificates to authenticate servers and to establish a chain of trust between clients and servers and among the different server roles. By default, communication between the Polycom CX700 phone and Office Communications Server 2007 R2 is encrypted by using TLS and SRTP. Therefore, the device must be able to trust certificates presented by Office Communications Server 2007 R2 servers. A means must always exist for the VoIP client to create the TLS secured connection that is required for audio communication on the network.

Publicly Hosted Certificate Authority Solution

If Microsoft Office Communications Server 2007 R2 servers use public certificates, the certificates will most likely be automatically trusted by the device, because the device contains the same list of trusted CAs as Windows CE. The table at the end of this topic lists the public certificates that are trusted by the Polycom CX700 phone.

Privately Hosted Certificate Authority Solution

Most Microsoft Office Communications Server 2007 R2 deployments use internal certificates for the internal Office Communications Server 2007 R2 server roles. In these types of deployments, the Root CA certificate must be installed from the internal CA to the device. Because you cannot manually install the Root CA certificate on the device, the certificate must be downloaded to the device through the network.

The Polycom CX700 phone downloads the certificate using the following methods:

1. The device searches for Active Directory directory objects of category certificationAuthority. If the search returns any objects, the device will use the attribute caCertificate. This attribute is assumed to hold the certificate and the device will install the certificate.

The Root CA certificate must be published in the caCertificate attribute for the Polycom CX700 phone. To place the Root CA certificate in the caCertificate attribute, use the following command:

certutil -f -dspublish <Root CA certificate in .cer file> RootCA
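To confirm that the publish step worked, the following PowerShell check runs the same kind of directory search the device performs and compares the result with the exported root certificate. It is an added example, not part of the Polycom guide. It assumes a domain-joined Windows host, a search rooted at the forest Configuration partition, and a hypothetical file path C:\temp\RootCA.cer.

```powershell
# Added example: verify the root CA is present in caCertificate after "certutil -dspublish".
param(
    [string]$RootCerPath = 'C:\temp\RootCA.cer'   # hypothetical path to the exported root CA
)

$x509Type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

# The certificate that was supposed to be published.
$expected = New-Object $x509Type $RootCerPath

# Assumption: search the Configuration partition, where "-dspublish ... RootCA" writes.
$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.configurationNamingContext)"
$searcher.Filter     = '(objectCategory=certificationAuthority)'
$searcher.PageSize   = 500
[void]$searcher.PropertiesToLoad.Add('cacertificate')

$published = foreach ($entry in $searcher.FindAll()) {
    foreach ($value in $entry.Properties['cacertificate']) {
        $der = [byte[]]$value
        if ($der.Length -lt 16) { continue }      # skip placeholder values too short to be a certificate
        try   { $cert = New-Object $x509Type (,$der) }
        catch { Write-Warning "Undecodable caCertificate value on $($entry.Path)"; continue }
        [pscustomobject]@{
            Object     = $entry.Path
            Subject    = $cert.Subject
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

$published | Sort-Object Subject | Format-Table -AutoSize

# The device can only build a chain if the expected root is present and still valid.
$match = $published | Where-Object { $_.Thumbprint -eq $expected.Thumbprint }
if (-not $match) {
    Write-Warning "Root CA $($expected.Thumbprint) is not published in any caCertificate attribute."
} elseif ($expected.NotAfter -lt (Get-Date)) {
    Write-Warning "Root CA is published but expired on $($expected.NotAfter)."
} else {
    Write-Output "Root CA is published in: $(($match.Object | Select-Object -Unique) -join '; ')"
}
```

Unexpected self-signed entries in the output deserve review, because any certificate returned by this search is a candidate trust anchor for the device.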
