Certificate Settings System Security
Polycom, Inc. 39
Table 3-1 Fields on the Certificate Settings page
Column Description
Enable OCSP Enables the use of Online Certificate Status Protocol as
a means of obtaining the revocation status of a
certificate presented to the system.
If OCSP responder URL is not specified, the system
checks the certificate’s AuthorityInfoAccess (AIA)
extension fields for the location of an OCSP responder:
•If there is none, the certificate fails validation.
•Otherwise, the system sends the OCSP request to
the responder identified in the certificate.
If OCSP responder URL is specified, the system sends
the OCSP request to that responder.
The responder returns a message indicating whether
the certificate is good, revoked, or unknown.
If OCSP certificate is specified, the response message
must be signed by the specified certificate’s private key.
OCSP responder URL Identifies the responder to be used for all OCSP
requests, overriding the AIA field values.
If OCSP certificate is specified, the response message
must be signed by the specified certificate’s private key.
OCSP certificate Select a certificate to require OCSP response
messages to be signed by the specified certificate’s
private key.
Store OCSP
Configuration Saves the OCSP configuration.
Identifier Common name of the certificate.
Purpose Kind of certificate:
•Server SSL is the DMA system’s public certificate,
which it presents to identify itself. By default, this is
a self-signed certificate, not trusted by other
devices.
•Trusted Root CA is the root certificate of a certificate
authority that the DMA system trusts.
•Intermediate CA is a CA certificate that trusted root
CAs issue themselves to sign certificate signing
requests (reducing the likelihood of their root
certificate being compromised). If the DMA system
trusts the root CA, then the chain consisting of it, its
intermediate CA certificates, and the server
certificate will all be trusted.
Expiration Expiration date of certificate.