Polycom 3725-76302-001LI manual Install a Certificate Authority’s Certificate

Note

If you’re configuring the Polycom DMA system to support Polycom’s solution for the Microsoft OCS or Lync environment, you can use Microsoft’s Certificate Wizard to request and obtain a PFX file (a password-protected PKCS12 file containing a private key and public key for the system, and the CA’s certificate).

Once you have the PFX file, you’re ready to install it.

See Polycom’s solution deployment guide for information about using the Certificate Wizard and other steps needed to implement the solution.

Install a Certificate Authority’s Certificate

This procedure is not necessary if you obtain a certificate chain that includes a signed certificate for the Polycom DMA system, your certificate authority’s public certificate, and any intermediate certificates.

Use this procedure to add a trusted certificate authority, either an in-house or commercial CA.

Caution

Installing or removing certificates requires a system restart and terminates all active conferences.

When you install or remove a certificate, the change is made to the certificate store immediately, but the system can’t implement the change until it restarts and reads the changed certificate store.

For your convenience, you’re not required to restart and apply a change immediately. This permits you to perform multiple installs or removals before restarting and applying the changes. But when you’re finished making changes, you must select Restart to Apply Saved Changes to restart the system and finish your update. Before you begin, make sure there are no active conferences and you’re prepared to restart the system when you’re finished.

To install a certificate for a trusted root CA

1Go to Admin > Local Cluster > Certificates.

The installed certificates are listed. The Trusted Root CA entries, if any, represent the certificate authorities whose public certificates are already installed on the DMA system and are thus trusted.

2If you’re using a certificate authority that isn’t listed, obtain a copy of your certificate authority’s public certificate.

The certificate must be either a single X.509 certificate or a PKCS#7 certificate chain. If it’s ASCII text, it’s in PEM format, and starts with the text -----BEGINCERTIFICATE-----. If it’s a file, it can be either PEM or DER encoded.

3In the Actions list, select Add Certificates.