Polycom 1500 Server User Manual


  Open as PDF
of 1124
 
Chapter 23 - Ultra Secure Mode
Polycom, Inc. 23-5
Certificate Management
(PKI) Public Key Infrastructure
PKI (Public Key Infrastructure) is a set of tools and policies deployed to enhance the security
of data communications between networking entities.
The implementation of PKI on the Collaboration Server has been enhanced to ensure that all
networked entities are checked for the presence of unique certificates by implementing the
following rules and procedures during the TLS negotiation:
The Collaboration Server identifies itself with the same certificate when operating as a
server and as a client.
The Collaboration Server’s management applications: RP Collaboration Server Web Client
and RMX Manager, identify themselves with certificates.
While establishing the required TLS connection, there is an exchange of certificates
between all entities.
Entities such as CMA and DMA that function as both client and server within the
Management Network identify themselves with the same certificate for both their client
and server functions.
•A single Certificate Repository is maintained for:
The Management Network Service.
SIP TLS Personal Certificates for each defined IP Network Service.
Trusted (CA) certificate for all TLS connections.
CRL for all TLS connections.
SIP TLS certificates are validated against the CA.
SIP TLS certificates are managed using CRL and Online Certificate Status Protocol
(OCSP).
Certificate revocation mode, whether by OCSP or CRL is managed using the i
setting of the Management Network.
SIP TLS is managed using the General TLS setting.
The following certificate file formats are supported:
PEM
DER
PKCS#7/P7B
PKCS#12PFX