Security Certificates Overview

System Security

 

 

How Certificates Are Used by the Polycom DMA System

The Polycom DMA system uses X.509 certificates in the following ways:

1. When a user logs into the Polycom DMA system’s browser-based management interface, the Polycom DMA system (server) offers an X.509 certificate to identify itself to the browser (client).

The Polycom DMA system’s certificate must have been signed by a certificate authority (see “Certificate Procedures” on page 42).

The browser must be configured to trust that certificate authority (beyond the scope of this documentation).

If trust can’t be established, most browsers allow connection anyway, but display a ‘nag’ dialog to the user, requesting permission.

2. When the Polycom DMA system connects to a Microsoft Active Directory server, it may present a certificate to the server to identify itself.

If Active Directory is configured to require a client certificate (this is not the default), the Polycom DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. Active Directory must be configured to trust the certificate authority, or it rejects the certificate and the connection fails.

3. When the Polycom DMA system connects to a Microsoft Exchange server (if the calendaring service is enabled; see “Microsoft Exchange Server Integration” on page 180), it may present a certificate to the server to identify itself.

Unless the Allow unencrypted calendar notifications from Exchange server security option is enabled (see “Security Settings” on page 48), the Polycom DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. The Microsoft Exchange server must be configured to trust the certificate authority. Otherwise, the Microsoft Exchange Server integration status (see “Dashboard” on page 352) remains Subscription pending indefinitely, the Polycom DMA system does not receive calendar notifications, and incoming meeting request messages are only processed approximately every 4 minutes.

4. When the Polycom DMA system connects to an RMX MCU configured for secure communications (this is not the default), a certificate may be used to identify the RMX MCU (server) to the Polycom DMA system (client).

5. When performing call signaling requiring TLS, the Polycom DMA system presents its certificate to the connecting client (one-way TLS). Unless the Skip certificate validation for encrypted signaling security option is enabled (see “Security Settings” on page 48), the system uses the installed CA certificates to authenticate the connecting client’s certificate as well (mTLS or two-way TLS).
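The trust requirement that runs through the list above, reproduced with the `openssl` command line as an added example (not part of the Polycom documentation): a certificate is accepted only by a peer whose trust store holds the CA that signed it. The CA names, the host name `dma.example.test` and the temporary files are constructed for the illustration, and the script assumes a stock OpenSSL installation with its default configuration file.

```bash
#!/usr/bin/env bash
# Added example: every name and file below is constructed for illustration.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate in $WORK.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: create a key and CSR for NAME, then have CA sign it.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/$2.pem" 2>/dev/null
}

# chain_trusted CERT CA: succeed only if CERT chains to CA, which stands
# in for the peer's trust store (browser, Active Directory, Exchange).
chain_trusted() {
  openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

make_ca trusted-ca                      # the CA that signs the certificate
make_ca other-ca                        # a CA that did not sign it
issue_cert trusted-ca dma.example.test  # the system's server certificate

# The same certificate, judged by two differently configured peers.
for ca in trusted-ca other-ca; do
  if chain_trusted dma.example.test "$ca"; then
    echo "peer trusting $ca: certificate accepted"
  else
    echo "peer trusting $ca: certificate rejected (issuer not trusted)"
  fi
done
```

Against a deployed system, the same `openssl verify -CAfile` check can be run on the installed certificate and the CA file that each peer is configured to trust.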

Polycom, Inc.

Polycom 3725-76302-001LI manual How Certificates Are Used by the Polycom DMA System