Deployment Guide for the Polycom CX700 IP Phone

2.If the search for Active Directory objects of category CertificationAuthority does not return any objects, or if the objects have empty caCertificate attributes, the device searches for Active Directory objects of category pKIEnrollmentService in the configuration naming context. Such objects exist if certificate AutoEnrollment was enabled in Active Directory. If the search returns any objects, it will use the dNSHostName attribute returned to reference the CA and it will then use the Web interface of the Microsoft Certificates Service to retrieve the Root CA certificate by using the HTTP GET command http://<dNSHostname>/certsrv/certnew.p7b?ReqID=CACert&Renewa l=-1&Enc=b64.

If neither of these methods succeeds, the device displays the error message “Cannot validate server certificate” and the user is unable to use the device.

Polycom CX700 Phone Certificates

The following is a list of considerations for issuing certificates to the Polycom CX700 phone.

By default, the uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP).

Requirement: Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server.

Requirement: Root certification authority (CA) chain certificate resides on the device.

No manual installation of certificate on device is possible.

Options:

Use public certificates

Preloaded public certificates on device

Use of enterprise certificates

Receive the Root CA chain from the network

Enterprise Root CA Chain

The Polycom CX700 phone can find the certificate by using either the public key infrastructure (PKI) PKI auto-enrollment object in Active Directory Domain Services or through a well-known distinguished name (DN).

Enable PKI auto-enrollment through Enterprise CA.

Device makes an LDAP request to find pKIEnrollmentService/CA server address and eventually download the certificate over HTTP to Windows CA /certsrv site by using the users credentials.

Use certutil -f -dspublish .cer file location" RootCA to upload certificates to the Configuration NC.

8

Page 14
Image 14
Polycom 1725-31424-001 manual Polycom CX700 Phone Certificates