Certificates

Use security certificates when deploying a solution to ensure the integrity and privacy of communications involving Poly devices.

Poly phones come with an authenticated, built-in device certificate. You can also choose to customize your security by requesting additional certificates from a certificate authority of your choice.

You can customize security configuration options to determine the type of device certificate used for each secure communication option. By default, all operations use the factory-installed device certificate unless you specify otherwise.

Note: You can install custom device certificates on your phones in the same way you install custom CA certificates. For more information, see Technical Bulletin 17877: Using Custom Certificates With Polycom Phones at Polycom Support.
You phone uses certificates in the following situations:
  • Mutual TLS authentication - The server can verify that a device is truly a Poly device and not a malicious endpoint or software masquerading as a Poly device.

    Use this option for provisioning or SIP signaling using TLS signaling. For example, certain partner provisioning systems and Polycom Zero Touch Provisioning (ZTP) use mutual TLS.

  • Secure HTTP (HTTPS) - Access to the web server on the phone at https://<IP ADDRESS OF PHONE> .

    The phone uses the web server for certain configuration and troubleshooting activities.

  • Polycom applications API - Provides secure communications.
You can configure the following options for two platform device certificates and six application device certificates on the phone:
  • 802.1X authentication
  • Provisioning
  • Syslog
  • SIP signaling
  • Browser communications
  • Presence
  • LDAP
Note: You must apply platform device certificates for syslog, 802.1X, and provisioning using TLS platform profiles, but you can’t use TLS application profiles to applied certificates for those options.