Create a Certificate Signing Request

You can create server and client CSRs to identify your RealPresence Group Series system to your network peers.

Procedure

  1. In the system web interface, go to Admin Settings > Security > Certificates > Certificate Options.
  2. Click Create for the type of CSR you want to create, Signing Request Server or Signing Request Client.

    The procedure is the same for server and client CSRs.

  3. Configure these settings on the Create Signing Request screen and click Create.
    Setting Description
    Hash Algorithm Specifies the hash algorithm for the CSR. You may select SHA-256 or keep the default SHA-1.
    Common Name (CN) Specifies the name that the system assigns to the CSR.
    Polycom recommends the following guidelines for configuring the Common Name:
    • For systems registered in DNS, use the Fully Qualified Domain Name (FQDN) of the system.
    • For systems not registered in DNS, use the IP address of the system. Maximum Characters: 64; truncated if necessary. Default is blank
    Organizational Unit (OU) Specifies the unit of business defined by your organization. Default is blank. Maximum Characters: 64
    Note: The system supports only one OU field. If you want the signed certificate to include more than one OU field, you must download and edit the CSR manually.
    Organization (O) Specifies your organization's name. Default is blank. Maximum Characters: 64
    City or Locality (L) Specifies the city where your organization is located. Default is blank. Maximum Characters: 128
    State or Province (ST) Specifies the state or province where your organization is located. Default is blank. Maximum Characters: 128
    Country (C) Displays the country selected in Admin Settings > General Settings > My Information. Not editable.
    SAN: FQDN Specifies the FQDN assigned to the system. This is the same as the Common Name (CN), but is not truncated. Default is blank. Maximum Characters: 253
    SAN: Additional Name Specifies an additional name. Default is blank. Maximum Characters: 253
    SAN: IPv4 Address Default is the IPv4 address of system. Maximum Characters: 15
    SAN: IPv4 Address (DNS) Default is the IPv4 address of system. This field provides the IPv4 address in ASCII format, which is sometimes needed for MSFT server interoperability. Maximum Characters: 15
    SAN: IPv6 Global Address Default is the IPv6 Global Address of system. Maximum Characters: 40
    SAN: IPv6 Site Local Address Default is the IPv6 Site Local Address of system. Maximum Characters: 40
    SAN: IPv6 Link Local Address Default is the IPv6 Link Local Address of system. Maximum Characters: 40

A message indicating that the CSR is created displays. Two links appear next to the signing request that you just created (Signing Request Server or Signing Request Client).

  • Download Signing Request enables you to download the CSR so that it can be sent to a CA for signature.
  • Create enables you to view the fields of the CSR as they are currently set in the CSR. If you change any of the values you previously configured, you can click Create to generate a new CSR that can then be downloaded.
    Note: Only a single outstanding CSR of either type can exist at a time. After the CSR is generated, it is important to get it signed and installed before attempting to generate a different CSR of the same type. For example, if you generate a client CSR and then, prior to having it signed and installed on the system, another client CSR is generated, the previous CSR is discarded and invalidated, and any attempt to install a signed version of it will result in an error.