PKI Certificates

If your organization uses a public key infrastructure (PKI) for securing network connections, Poly recommends that you have a strong understanding of certificate management and how it applies to your system.

PKI certificates authenticate secure network connections to and from the system. The system uses standard PKI techniques to configure and manage certificates and certificate signing requests (CSRs). ANSI X.509 standards regulate the certificate characteristics.

Your system can generate CSRs to send to a certificate authority (CA), a trusted entity that validates and officially issues, or signs, PKI certificates. Your system uses those certificates for client and server authentication.

If your system is in an environment without PKI, you don’t need a CA-signed certificate; the system comes with a self-signed certificate for its TLS connections. When you deploy PKI, however, self-signed certificates aren’t trusted and you must use CA-signed certificates.

Root certificates installed on your system automatically transfer to a paired TC8 device. If you delete root certificates from the system, they’re automatically deleted from the TC8. System certificates are unique to each system and don’t transfer to paired devices.

Here are some examples of how you use PKI certificates:

  • If your environment uses the 802.1X authentication framework for wired connections, create a CSR and install the resulting CA-signed certificate on your system so it’s trusted on the network.
  • If you want to navigate with a browser over a secure connection to your system web interface, create a CSR and install the resulting CA certificate chain on your system to replace its factory-installed certificate, which isn’t trusted.
  • Provisioning your system using RealPresence Resource Manager in a secure environment.
    Note: Your system must have a Host Name in this situation.