Create a Certificate Signing Request

You generate a certificate signing request directly from the Polycom device.

By default, the phone requests a 2048-bit certificate with 'sha256WithRSAEncryption' as the signature algorithm. You can use OpenSSL or another certificate signing request utility if you require a stronger certificate.

Polycom supports the use of Subject Alternative Names (SAN) with TLS security certificates. Polycom does not support the use of the asterisk (*) or wildcard characters in the Common Name field of a Certificate Authority's public certificate. If you want to enter multiple hostnames or IP addresses on the same certificate, use the SAN field.

You must have a provisioning server in place before generating the certificate signing request.

Procedure

  1. Navigate to Settings > Advanced > Admin Settings > Generate CSR.
  2. When prompted, enter the administrative password and press Enter.

    The default administrative password is 456.

  3. From the Generate CSR Screen, fill in the Common Name field - the Organization, Email Address, Country, and State fields are optional.
  4. Press Generate.

    A message “CSR generation completed” displays on the phone's screen. The MAC.csr (certificate request) and MAC-private.pem (private key) are uploaded to the phone's provisioning server.

  5. Forward the CSR to a Certificate Authority (CA) to create a certificate.

    If your organization doesn't have its own CA, you need to forward the CSR to a company like Symantec.