Chapter 23 - Ultra Secure Mode
Polycom, Inc. 23-11
For backward compatibility, with previous versions, either SHA-1 or SHA-256
can be selected as the hash algorithm used in the creation of CSRs (Certificate
Signing Requests).
5 Click Send Certificate.
For all certificates, both Management and SIP TLS:
• Once the certificate is sent a message is displayed indicating successful installation of
the certificate and the new certificate replaces the old certificate.
• If the certificate installation fails the old certificate continues to function and a message
is displayed indicating one of the following the reasons for the failure:
— Invalid password.
— Certificate expired.
— Certificate DNS name does not match RMX (service) DNS name.
— Chain is not trusted
— General - <Error message from the SSL library>.
Certificate Validation
The credentials of each certificate received from a networked peer are verified against a
repository of trusted certificates. Each networked entity contains a repository of trusted
certificates. The digital signature of the certificate’s issuing authority is checked along with
the certificate’s expiration date.
Validation of peer SIP TLS certificates against one or several installed CA certificates can be
enabled or disabled for the Default Management and each defined IP Service by selecting or
clearing the Skip certificate validation check box.