Security Certificates Overview System Security
Polycom, Inc. 37
How Certificates Are Used by the Polycom DMA System
The Polycom DMA system uses X.509 certificates in the following ways:
1. When a user logs into the Polycom DMA system’s browser-based
management interface, the Polycom DMA system (server) offers an X.509
certificate to identify itself to the browser (client).
The Polycom DMA system’s certificate must have been signed by a
certificate authority (see “Certificate Procedures” on page 42).
The browser must be configured to trust that certificate authority (beyond
the scope of this documentation).
If trust can’t be established, most browsers allow the connection anyway,
but display a ‘nag’ dialog asking the user for permission.
2. When the Polycom DMA system connects to a Microsoft Active Directory
server, it may present a certificate to the server to identify itself.
If Active Directory is configured to require a client certificate (this is not
the default), the Polycom DMA system offers the same SSL server
certificate that it offers to browsers connecting to the system management
interface. Active Directory must be configured to trust the certificate
authority, or it rejects the certificate and the connection fails.
3. When the Polycom DMA system connects to a Microsoft Exchange server
(if the calendaring service is enabled; see “Microsoft Exchange Server
Integration” on page 180), it may present a certificate to the server to
identify itself.
Unless the Allow unencrypted calendar notifications from Exchange
server security option is enabled (see “Security Settings” on page 48), the
Polycom DMA system offers the same SSL server certificate that it offers
to browsers connecting to the system management interface. The
Microsoft Exchange server must be configured to trust the certificate
authority. Otherwise, the Microsoft Exchange Server integration status
(see “Dashboard” on page 352) remains Subscription pending
indefinitely, the Polycom DMA system does not receive calendar
notifications, and incoming meeting request messages are only processed
approximately every 4 minutes.
4. When the Polycom DMA system connects to an RMX MCU configured
for secure communications (this is not the default), a certificate may be
used to identify the RMX MCU (server) to the Polycom DMA system
(client).
5. When performing call signaling requiring TLS, the Polycom DMA system
presents its certificate to the connecting client (one-way TLS). Unless the
Skip certificate validation for encrypted signaling security option is
enabled (see “Security Settings” on page 48), the system uses the installed
CA certificates to authenticate the connecting client’s certificate as well
(mTLS or two-way TLS).
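
The trust decision that runs through items 1 to 5, as an added Go example (not Polycom code): a certificate is accepted only if it chains to a CA the receiving side has installed, unless validation is skipped, as with the Skip certificate validation for encrypted signaling option. The functions issue and acceptPeer, the CA names and endpoint.example.test are constructed for this illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue builds a constructed demo certificate; a nil ca yields a self-signed CA (hypothetical helper).
func issue(cn string, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: ca == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil {
		ca, caKey = tpl, key // self-signed root
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// acceptPeer models the receiving side: the peer must chain to the installed CA unless validation is skipped.
func acceptPeer(peer, installedCA *x509.Certificate, skipValidation bool) error {
	if skipValidation {
		return nil // validation skipped: any certificate passes, whoever issued it
	}
	roots := x509.NewCertPool()
	roots.AddCert(installedCA)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	ca, caKey := issue("Demo Root CA", nil, nil)
	other, _ := issue("Unrelated CA", nil, nil)
	peer, _ := issue("endpoint.example.test", ca, caKey)
	fmt.Println(acceptPeer(peer, ca, false), acceptPeer(peer, other, false), acceptPeer(peer, other, true))
}
```

The three results are, in order: accepted (signing CA installed), an x509 unknown-authority error (different CA installed), and accepted again only because validation was skipped.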