Polycom 1725-31424-001 User Manual

 Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment
 
• TLS (Transport Layer Security) and MTLS (Mutual Transport Layer 
Security) enable endpoint authentication and instant messaging (IM) 
encryption. Media streams are encrypted by using Secure Real-time 
Transport Protocol (SRTP).
These fundamental elements work together to define trusted users, servers, 
and connections. The resulting trust relationships provide the foundation on 
which the complete Microsoft Office Communications Server 2007 R2 security 
framework is built.
Root CA Certificate for the Polycom CX700 Phone
Microsoft Office Communications Server 2007 R2 relies on certificates to 
authenticate servers and to establish a chain of trust between clients and 
servers and among the different server roles. By default, communication 
between the Polycom CX700 phone and Office Communications Server 2007 
R2 is encrypted by using TLS and SRTP. Therefore, the device must be able to 
trust certificates presented by Office Communications Server 2007 R2 servers. 
A means must always exist for the VoIP client to create the TLS secured 
connection that is required for audio communication on the network.
Publicly Hosted Certificate Authority Solution
If Microsoft Office Communications Server 2007 R2 servers use public 
certificates, the certificates will most likely be automatically trusted by the 
device, because the device contains the same list of trusted CAs as Windows 
CE. The table at the end of this topic lists the public certificates that are trusted 
by the Polycom CX700 phone.
Privately Hosted Certificate Authority Solution
Most Microsoft Office Communications Server 2007 R2 deployments use 
internal certificates for the internal Office Communications Server 2007 R2 
server roles. In these types of deployments, the Root CA certificate must be 
installed from the internal CA to the device. Because you cannot manually 
install the Root CA certificate on the device, the certificate must be 
downloaded to the device through the network. 
The Polycom CX700 phone downloads the certificate using the following 
methods:
1. The device searches for Active Directory directory objects of category 
certificationAuthority. If the search returns any objects, the device will 
use the attribute caCertificate. This attribute is assumed to hold the 
certificate and the device will install the certificate. 
The Root CA certificate must be published in the caCertificate attribute for the 
Polycom CX700 phone. To place the Root CA certificate in the caCertificate 
attribute, use the following command:
        
certutil -f -dspublish <Root CA certificate in .cer file> RootCA
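
One way to confirm that the publish step worked, as an added example that is not part of the original guide: the PowerShell script below searches Active Directory for objects of category certificationAuthority, reads each caCertificate value, and reports whether the root certificate you published is among them. It assumes a domain-joined Windows host with PowerShell 3.0 or later; the -CerPath parameter is a hypothetical name for the path to the same .cer file given to certutil.

```powershell
# Added example (not from the guide). Assumption: run on a domain-joined host.
# -CerPath is a hypothetical parameter: the .cer file passed to certutil -dspublish.
param(
    [Parameter(Mandatory = $true)]
    [string]$CerPath
)

$x509Type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$expected = New-Object $x509Type $CerPath

# certutil -dspublish ... RootCA writes to the forest configuration partition,
# so the search starts there and covers the whole subtree.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$searcher = New-Object System.DirectoryServices.DirectorySearcher ([ADSI]"LDAP://$configNC")
$searcher.Filter      = '(objectCategory=certificationAuthority)'
$searcher.SearchScope = 'Subtree'
[void]$searcher.PropertiesToLoad.Add('cACertificate')
[void]$searcher.PropertiesToLoad.Add('distinguishedName')

$found = $false
foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties['distinguishedname'][0]
    foreach ($raw in $result.Properties['cacertificate']) {
        try {
            # The leading comma passes the byte array as one constructor argument.
            $cert = New-Object $x509Type (,[byte[]]$raw)
        } catch {
            # Some objects hold a placeholder value that is not a certificate.
            Write-Warning "Unparseable caCertificate value on $dn"
            continue
        }
        $isMatch = $cert.Thumbprint -eq $expected.Thumbprint
        if ($isMatch) { $found = $true }
        [pscustomobject]@{
            Object     = $dn
            Subject    = $cert.Subject
            SelfSigned = ($cert.Subject -eq $cert.Issuer)   # heuristic for a root
            Expired    = ($cert.NotAfter -lt (Get-Date))
            Published  = $isMatch
        }
    }
}

if (-not $found) {
    Write-Warning "Certificate $($expected.Thumbprint) was not found in any caCertificate attribute."
}
```

A row with Published set to True and Expired set to False indicates that the directory holds the certificate the device needs; expired or unexpected entries in the same output are worth reviewing, since they are offered to clients by the same lookup.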