Configuring Certificates

The Polycom RealPresence DMA Edge system uses certificates in the following ways:
  • The Polycom RealPresence DMA system presents its certificate to the remote end. For example:
    • When a user logs into the RealPresence DMA system’s browser-based management interface, the RealPresence DMA system offers a certificate to identify itself to the browser (client).

      The RealPresence DMA system’s certificate must have been signed by a certificate authority and the browser must be configured to trust that certificate authority.

      If trust cannot be established, most browsers allow the connection anyway, but display a dialog asking the user for permission.

    • When the RealPresence DMA system connects to a Microsoft Active Directory server, it may present a certificate to the server to identify itself.

      If Active Directory is configured to require a client certificate (this is not the default), the RealPresence DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. Active Directory must be configured to trust the certificate authority, or it rejects the certificate and the connection fails.

    • When the RealPresence DMA system connects to a Microsoft Exchange server (if the calendaring service is enabled), it may present a certificate to the server to identify itself.

      Unless the Allow unencrypted calendar notifications from Exchange server security option is enabled, the RealPresence DMA system offers the same SSL server certificate that it offers to browsers connecting to the system management interface. The Microsoft Exchange server must be configured to trust the certificate authority. Otherwise, the Microsoft Exchange Server integration status remains Subscription pending indefinitely, the Polycom RealPresence DMA system does not receive calendar notifications, and incoming meeting request messages are only processed approximately every 4 minutes.

  • The RealPresence DMA system validates the certificate of a remote server. For example:
    • When the RealPresence DMA system connects to a Polycom MCU configured for secure communications, a certificate may be used to identify the MCU (server) to the RealPresence DMA system (client). This can be configured in the RealPresence DMA system.
    • When performing call signaling requiring TLS, the RealPresence DMA system presents its certificate to the connecting client (one-way TLS). If the Require mutual authentication (validation of client certificates) SIP Settings option is enabled, both ends validate each other’s certificates (mutual TLS).
  • The RealPresence DMA system validates the certificate of a client. For example:
    • For incoming SIP connections, the RealPresence DMA system may check the client’s certificate. This can be configured in the RealPresence DMA system (see Selecting a Security Mode).
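
In the Active Directory and Exchange cases above, the system offers its SSL server certificate in the client role. The script below is an added example, not Polycom's code or procedure: it issues constructed test certificates and uses `openssl verify` to show that a certificate whose Extended Key Usage lists only serverAuth passes the server-purpose check but fails the client-purpose check. The CA name, the hostname dma.example.test and the function names are illustrative, and whether a given Active Directory or Exchange server enforces this check is an assumption to confirm when requesting the certificate.

```shell
#!/bin/sh
# Added example. The CA, hostname and certificates are constructed test data.

make_ca() {                       # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
  # Self-signed CA certificate that the verifying side is configured to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {                    # $1 = dir, $2 = name, $3 = EKU list
  printf 'extendedKeyUsage = %s\n' "$3" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=dma.example.test" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# Succeeds only if the certificate chains to the CA and its extensions
# permit the requested role ($3 = sslserver or sslclient).
usable_as() {                     # $1 = dir, $2 = name, $3 = purpose
  openssl verify -purpose "$3" -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d" && issue_cert "$d" server_only serverAuth &&
    issue_cert "$d" dual "serverAuth,clientAuth" || return 1
  for cert in server_only dual; do
    for role in sslserver sslclient; do
      if usable_as "$d" "$cert" "$role"; then r=accepted; else r=rejected; fi
      echo "$cert as $role: $r"
    done
  done
  rm -rf "$d"
}
demo
```

To check a real certificate the same way, point `usable_as` at a directory holding the issuing CA as `ca.pem` and the system's certificate as `<name>.pem`.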