Deployment Guide for the Polycom CX700 IP Phone
2. If the search for Active Directory objects of category CertificationAuthority does not return any objects, or if the objects have empty caCertificate attributes, the device searches for Active Directory objects of category pKIEnrollmentService in the configuration naming context. Such objects exist if certificate AutoEnrollment was enabled in Active Directory. If the search returns any objects, the device uses the returned dNSHostName attribute to reference the CA and then uses the Web interface of the Microsoft Certificates Service to retrieve the Root CA certificate by using the HTTP GET command http://<dNSHostname>/certsrv/certnew.p7b?ReqID=CACert&Renewa
If neither of these methods succeeds, the device displays the error message “Cannot validate server certificate” and the user is unable to use the device.
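An administrator can check before deployment that the directory objects the device searches for exist and are populated. The following PowerShell is an added example, not part of the original guide; it assumes the RSAT ActiveDirectory module on a domain-joined workstation, and the function name Test-PhoneRootCaDiscovery is hypothetical.

```powershell
# Added example (not from the guide): mirrors the two directory lookups the device performs.
# Assumption: RSAT ActiveDirectory module is installed; run as a domain user.
Import-Module ActiveDirectory

function Test-PhoneRootCaDiscovery {
    # Both searches are rooted in the forest's configuration naming context.
    $configNC = (Get-ADRootDSE).configurationNamingContext

    # Lookup 1: certificationAuthority objects with a non-empty cACertificate attribute.
    $caObjects = @(Get-ADObject -SearchBase $configNC `
        -LDAPFilter '(objectCategory=certificationAuthority)' -Properties cACertificate)
    $usable = @($caObjects | Where-Object { $_.cACertificate.Count -gt 0 })

    foreach ($obj in $usable) {
        foreach ($raw in $obj.cACertificate) {
            # Decode the DER blob so expiry and subject can be reviewed.
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList @(,[byte[]]$raw)
            [pscustomobject]@{
                Method    = 'certificationAuthority'
                ObjectDN  = $obj.DistinguishedName
                CaSubject = $cert.Subject
                NotAfter  = $cert.NotAfter
                CaHost    = $null
            }
        }
    }
    if ($usable.Count -gt 0) { return }

    # Lookup 2 (fallback): pKIEnrollmentService objects; the device reads dNSHostName
    # and then fetches the Root CA certificate from that host's /certsrv site.
    $enroll = @(Get-ADObject -SearchBase $configNC `
        -LDAPFilter '(objectCategory=pKIEnrollmentService)' -Properties dNSHostName)
    foreach ($obj in $enroll) {
        [pscustomobject]@{
            Method    = 'pKIEnrollmentService'
            ObjectDN  = $obj.DistinguishedName
            CaSubject = $null
            NotAfter  = $null
            CaHost    = $obj.dNSHostName
        }
    }
    if ($enroll.Count -eq 0) {
        Write-Warning 'Neither lookup returned usable objects; the device would show "Cannot validate server certificate".'
    }
}

Test-PhoneRootCaDiscovery | Format-Table -AutoSize
```

Rows with Method certificationAuthority mean the first lookup is sufficient; rows with Method pKIEnrollmentService mean the device depends on reaching the listed CaHost over HTTP.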
Polycom CX700 Phone Certificates
The following is a list of considerations for issuing certificates to the Polycom CX700 phone.
•By default, the uses Transport Layer Security (TLS) and Secure
—Requirement: Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server.
—Requirement: Root certification authority (CA) chain certificate resides on the device.
•No manual installation of a certificate on the device is possible.
•Options:
—Use public certificates
—Preloaded public certificates on device
—Use of enterprise certificates
—Receive the Root CA chain from the network
Enterprise Root CA Chain
The Polycom CX700 phone can find the certificate by using either the public key infrastructure (PKI) PKI
•Enable PKI
—The device makes an LDAP request to find the pKIEnrollmentService/CA server address and eventually downloads the certificate over HTTP from the Windows CA /certsrv site by using the user's credentials.
•Use certutil