How Certificates are Used

RealPresence Group Series systems can generate CSRs to send to a certificate authority (CA). (A CA is a trusted entity that officially issues, or signs, digital certificates.) Once signed by the CA, you can install the certificate on the system for its TLS connections.

Systems support, and typically require, two certificates when used in an environment with fully deployed PKI:
  • Server certificate: The system's web server presents this certificate after receiving connection requests from browsers attempting to connect to the system's web interface.

  • Client certificate: The system presents this to authenticate its identity while trying to connect to a remote server. Examples of remote servers include the RealPresence Resource Manager system, a SIP proxy/registrar server, or an LDAP directory server.

When systems are in an environment that does not have a fully deployed PKI, you do not need to create and install these certificates because systems automatically generate self-signed certificates to establish secure TLS connections. When a full PKI is deployed, however, self-signed certificates are not trusted and CA-signed certificates must be used. The following sections describe how to generate and use certificates by using the system web interface.