Polycom 3725-76302-001O Benutzerhandbuch
System Security
Polycom, Inc.
43
Certificate Settings
The following table describes the fields on the Certificate Settings page.
Column
Description
Enable OCSP
Enables the use of Online Certificate Status Protocol as a means of obtaining the
revocation status of a certificate presented to the system.
If OCSP responder URL is not specified, the system checks the certificate’s
AuthorityInfoAccess (AIA) extension fields for the location of an OCSP responder:
•
revocation status of a certificate presented to the system.
If OCSP responder URL is not specified, the system checks the certificate’s
AuthorityInfoAccess (AIA) extension fields for the location of an OCSP responder:
•
If there is none, the certificate fails validation.
•
Otherwise, the system sends the OCSP request to the responder identified in the
certificate.
certificate.
If OCSP responder URL is specified, the system sends the OCSP request to that
responder.
The responder returns a message indicating whether the certificate is good, revoked, or
unknown.
If OCSP certificate is specified, the response message must be signed by the specified
certificate’s private key.
responder.
The responder returns a message indicating whether the certificate is good, revoked, or
unknown.
If OCSP certificate is specified, the response message must be signed by the specified
certificate’s private key.
OCSP responder URL
Identifies the responder to be used for all OCSP requests, overriding the AIA field
values.
If OCSP certificate is specified, the response message must be signed by the specified
certificate’s private key.
values.
If OCSP certificate is specified, the response message must be signed by the specified
certificate’s private key.
OCSP certificate
Select a certificate to require OCSP response messages to be signed by the specified
certificate’s private key.
certificate’s private key.
Store OCSP
Configuration
Configuration
Saves the OCSP configuration.
Identifier Common
name
of the certificate.
Purpose Kind
of
certificate:
•
Server SSL is the RealPresence DMA system’s public certificate, which it presents to
identify itself. By default, this is a self-signed certificate, not trusted by other devices.
identify itself. By default, this is a self-signed certificate, not trusted by other devices.
•
Trusted Root CA is the root certificate of a certificate authority that the RealPresence
DMA system trusts.
DMA system trusts.
•
Intermediate CA is a CA certificate that trusted root CAs issue themselves to sign
certificate signing requests (reducing the likelihood of their root certificate being
compromised). If the RealPresence DMA system trusts the root CA, then the chain
consisting of it, its intermediate CA certificates, and the server certificate will all be
trusted.
certificate signing requests (reducing the likelihood of their root certificate being
compromised). If the RealPresence DMA system trusts the root CA, then the chain
consisting of it, its intermediate CA certificates, and the server certificate will all be
trusted.
Expiration Expiration
date of certificate.