Polycom RMX 1500, DOC2702A (PKI) Public Key Infrastructure

Polycom RealPresence Collaboration Server (RMX) 1500/2000/4000 Administrator’s Guide

F-8 Polycom, Inc.

It is important to verify that the external database application is operating in secure mode

before enabling secure external database communications on the MCU. The MCU checks the

validity of external database’s certificate before communicating. If there is a certificate error

an Active Alarm is raised with Error in external database certificate in the description field.

To enable secure MCU Communications with an External Database:

4Set the MCU to communicate with the database server via port 443 by setting the value

of the System Flag EXTERNAL_DB_PORT in system.cfg to 443.

For more information see "Modifying System Flags” on page 22-1.

(PKI) Public Key Infrastructure

PKI (Public Key Infrastructure) is a set of tools and policies deployed to enhance the security

of data communications between networking entities.

The implementation of PKI on the MCU has been enhanced to ensure that all networked

entities are checked for the presence of unique certificates by implementing the following

rules and procedures during the TLS negotiation:

• The MCU identifies itself with the same certificate when operating as a server and as a

client.

• The MCU’s management applications: RealPresence Collaboration Server Web Client and

RMX Manager, identify themselves with certificates.

• While establishing the required TLS connection, there is an exchange of certificates

between all entities.

• Entities such as CMA and DMA that function as both client and server within the

Management Network identify themselves with the same certificate for both their client

and server functions.

The following diagram illustrates the certificate exchange during the TLS connection

procedure.