
Polycom 1725-31424-001 User Manual


Deployment Guide for the Polycom CX700 IP Phone


2. If the search for Active Directory objects of category CertificationAuthority does not return any objects, or if the objects have empty caCertificate attributes, the device searches for Active Directory objects of category pKIEnrollmentService in the configuration naming context. Such objects exist if certificate AutoEnrollment was enabled in Active Directory. If the search returns any objects, the device uses the returned dNSHostName attribute to reference the CA and then uses the Web interface of the Microsoft Certificates Service to retrieve the Root CA certificate with the HTTP GET command http:///certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64.

If neither of these methods succeeds, the device displays the error message
“Cannot validate server certificate” and the user is unable to use the device.
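
The discovery order described above, modelled as an added example (not code from Polycom or Microsoft). The `entries` dict shape, the function names and the sample host `ca01.example.test` are assumptions made for illustration; the host in the URL is taken to be the dNSHostName value.

```python
# Added example: models the Root CA discovery order described above.
ERROR = "Cannot validate server certificate"
CERTSRV = "http://{host}/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64"


def _attrs(entry):
    # LDAP attribute names are case-insensitive, so normalise the keys.
    return {k.lower(): v for k, v in entry.items()}


def _of_category(entries, category):
    return [a for a in map(_attrs, entries)
            if str(a.get("objectcategory", "")).lower() == category.lower()]


def root_ca_source(entries):
    """Return where the phone would obtain the Root CA certificate.

    `entries` is a list of dicts standing in for the results of an LDAP
    search of the configuration naming context (hypothetical shape).
    """
    # Method 1: CertificationAuthority objects with a non-empty caCertificate.
    certs = [a["cacertificate"] for a in _of_category(entries, "CertificationAuthority")
             if a.get("cacertificate")]
    if certs:
        return {"method": "directory", "certificates": certs}

    # Method 2: pKIEnrollmentService objects; dNSHostName names the CA web site.
    hosts = [a["dnshostname"] for a in _of_category(entries, "pKIEnrollmentService")
             if a.get("dnshostname")]
    if hosts:
        return {"method": "certsrv-http", "url": CERTSRV.format(host=hosts[0])}

    # Neither method succeeded: the phone shows the error and cannot be used.
    return {"method": None, "error": ERROR}


# Constructed sample directories (not real data).
PUBLISHED = [{"objectCategory": "CertificationAuthority", "caCertificate": b"0\x82constructed-der"}]
EMPTY_ATTR = [{"objectCategory": "CertificationAuthority", "caCertificate": b""},
              {"objectCategory": "pKIEnrollmentService", "dNSHostName": "ca01.example.test"}]
NOTHING = [{"objectCategory": "CertificationAuthority", "caCertificate": b""}]

if __name__ == "__main__":
    for name, directory in [("published", PUBLISHED), ("empty attr", EMPTY_ATTR), ("nothing", NOTHING)]:
        print(name, "->", root_ca_source(directory))
```

The `certsrv-http` result marks the case in which the Root CA certificate is retrieved over plain HTTP rather than read from the directory.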

Polycom CX700 Phone Certificates

The following is a list of considerations for issuing certificates to the Polycom
CX700 phone.

By default, the phone uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP).

Requirement: Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server.

Requirement: Root certification authority (CA) chain certificate resides on the device.

No manual installation of certificate on device is possible.

Options:

Use public certificates
    Preloaded public certificates on device

Use of enterprise certificates
    Receive the Root CA chain from the network

Enterprise Root CA Chain

The Polycom CX700 phone can find the certificate either through the public key infrastructure (PKI) auto-enrollment object in Active Directory Domain Services or through a well-known distinguished name (DN).

Enable PKI auto-enrollment through Enterprise CA.
    The device makes an LDAP request to find the pKIEnrollmentService/CA server address and eventually downloads the certificate over HTTP from the Windows CA /certsrv site by using the user's credentials.

Use certutil -f -dspublish ".cer file location" RootCA to upload certificates to the Configuration NC.