Polycom 3725-76302-001LI TV Cables User Manual


 
Security Certificates Overview System Security
Polycom, Inc. 37
How Certificates Are Used by the Polycom DMA System
The Polycom DMA system uses X.509 certificates in the following ways:
1 When a user logs into the Polycom DMA system’s browser-based
management interface, the Polycom DMA system (server) offers an X.509
certificate to identify itself to the browser (client).
The Polycom DMA system’s certificate must have been signed by a
certificate authority (see “Certificate Procedures” on page 42).
The browser must be configured to trust that certificate authority (beyond
the scope of this documentation).
If trust can’t be established, most browsers allow the connection anyway, but
display a ‘nag’ dialog asking the user for permission.
2 When the Polycom DMA system connects to a Microsoft Active Directory
server, it may present a certificate to the server to identify itself.
If Active Directory is configured to require a client certificate (this is not
the default), the Polycom DMA system offers the same SSL server
certificate that it offers to browsers connecting to the system management
interface. Active Directory must be configured to trust the certificate
authority, or it rejects the certificate and the connection fails.
3 When the Polycom DMA system connects to a Microsoft Exchange server
(if the calendaring service is enabled; see “Microsoft Exchange Server
Integration” on page 180), it may present a certificate to the server to
identify itself.
Unless the Allow unencrypted calendar notifications from Exchange
server security option is enabled (see “Security Settings” on page 48), the
Polycom DMA system offers the same SSL server certificate that it offers
to browsers connecting to the system management interface. The
Microsoft Exchange server must be configured to trust the certificate
authority. Otherwise, the Microsoft Exchange Server integration status
(see “Dashboard” on page 352) remains Subscription pending
indefinitely, the Polycom DMA system does not receive calendar
notifications, and incoming meeting request messages are only processed
approximately every 4 minutes.
4 When the Polycom DMA system connects to an RMX MCU configured
for secure communications (this is not the default), a certificate may be
used to identify the RMX MCU (server) to the Polycom DMA system
(client).
5 When performing call signaling requiring TLS, the Polycom DMA system
presents its certificate to the connecting client (one-way TLS). Unless the
Skip certificate validation for encrypted signaling security option is
enabled (see “Security Settings” on page 48), the system uses the installed
CA certificates to authenticate the connecting client’s certificate as well
(mTLS or two-way TLS).
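
The trust rule common to all five cases above (a peer accepts a certificate only if it is configured to trust the CA that signed it) can be reproduced offline with the OpenSSL command line. This is an added example, not part of the Polycom documentation; the CA names, the host name dma.example.test and the function names are constructed placeholders.

```sh
#!/bin/sh
# Added example: CA names and dma.example.test are constructed placeholders.
set -eu

# Create a throwaway self-signed CA in directory $1 with common name $2.
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue a certificate for subject $2, signed by the CA in $1, as $3.pem.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3.key" -out "$3.csr" 2>/dev/null
    openssl x509 -req -in "$3.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3.pem" 2>/dev/null
}

# Succeeds only if certificate $2 chains to a CA in trust bundle $1.
# This is the decision a browser, Active Directory or Exchange makes
# about the certificate the system presents.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d)
    make_ca "$work/trusted" "Constructed Trusted CA"
    make_ca "$work/other" "Constructed Unrelated CA"
    issue_cert "$work/trusted" "dma.example.test" "$work/dma"

    # Peer configured with the signing CA: the certificate is accepted.
    trusts "$work/trusted/ca.pem" "$work/dma.pem" \
        && echo "peer trusting the signing CA: accepted"
    # Peer configured with a different CA: rejected, the connection would fail.
    trusts "$work/other/ca.pem" "$work/dma.pem" \
        || echo "peer trusting a different CA: rejected"
    rm -rf "$work"
}

demo
```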