4. Select Create.
If the system successfully creates the CSR, it automatically downloads the file.
5. Send the CSR file to a CA, which issues your signed certificate.
Configure Certificate Validation Options
The G7500 and Studio X series system can automatically validate user-installed certificates when
establishing an authenticated network connection.
To perform this validation, you must install certificates from the CAs that are part of the trust chain on
the G7500 and Studio X series system.
For a full list of preinstalled certificates on your system, see the
Poly VideoOS, TC10, and TC8
Certificates Update
on the Poly Online Support Center.
1. In the system web interface, go to Security > Certificates.
2. Configure the following settings (your changes save automatically):
Setting Description
Maximum Peer Certificate Chain Depth Specifies how many links a certificate chain can have.
The term
peer certificate
refers to any certificate sent
by the far-end host when a network connection is being
established between the two systems.
Always Validate Peer Certificates From Server
Determines whether your system requires a remote
server to present a valid certificate when connecting to
it for services, such as provisioning.
Always Validate Peer Certificates From Browser
Determines whether your system requires a web browser
to present a valid certificate when connecting to it.
NOTE: If you are using private PKI certificates in your
environment and want HTTPS software downloads to
work, you must install the trusted root certificate from your
internal certificate authority (CA) on the system since
certificate validation is always performed.
Disable Preinstalled Certificates
Disables preinstalled root certificate CA chains.
Install a Certificate
Once you receive a signed certificate from the CA that processed your CSR, you can install it on your
G7500 and Studio X series system.
NOTE: System certificates must be created on the Poly system and signed by an external CA
before installation. Externally created device certificates won't work properly.
This option isn’t available if your certificate is provisioned to the system.
1. In the system web interface, go to Security > Certificates.
2. Select the System tab or Connected Device tab.
3. Select Install Certificate to browse for the CA-signed certificate you want to install and select
Open.
Your system accepts the following certificate file formats: .pem, .der, and PKCS #7 (which
typically has a .p7b file name extension).
62
Chapter 7Securing the System
To Next Page
Loading...
Need help?
General
