Polycom 3725-76302-001O Microscope & Magnifier User Manual


 
System Security
Skip certificate validation for server connecting
Normally, when the Polycom RealPresence DMA system connects to a
server, it validates that server’s certificate.
This option configures the system to accept any certificate presented to it
without validating it.
We recommend using valid certificates for all servers that the system may
need to contact rather than enabling this option. Depending on system
configuration, this may include:
MCUs
Active Directory
Exchange
RealPresence Resource Manager or CMA system
Other RealPresence DMA systems
Endpoints
Note: Either the Common Name (CN) or Subject Alternative Name (SAN) field
of the server’s certificate must contain the address or host name specified for
the server in the Polycom RealPresence DMA system.
Polycom MCUs don't include their management IP address in the SAN field of
the CSR (Certificate Signing Request), so their certificates identify them only
by the CN. Therefore, in the Polycom RealPresence DMA system, a Polycom
MCU's management interface must be identified by the name specified in the
CN field (usually the FQDN), not by IP address.
Similarly, an Active Directory server certificate often specifies only the FQDN.
So in the Polycom RealPresence DMA system, identify the enterprise
directory by FQDN, not by IP address.
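
An added example, not from the Polycom manual: a pre-flight check that flags servers whose configured address does not appear in the certificate's CN or SAN, so they can be fixed instead of enabling this option. The certificate dictionaries follow the shape returned by Python's ssl.SSLSocket.getpeercert(); the host names, addresses and matching rules (case-insensitive, single-label wildcard) are assumptions, since the manual does not describe the DMA system's exact matching logic.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def host_match(pattern, host):
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):  # wildcard covers exactly one left-most label
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def identity_covered(cert, configured):
    """True if the configured address appears in the certificate's CN or SAN."""
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    san = cert.get("subjectAltName", ())
    dns = [v for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if is_ip(configured):
        want = ipaddress.ip_address(configured)
        return any(ipaddress.ip_address(c) == want for c in ips + cn if is_ip(c))
    return any(host_match(p, configured) for p in dns + cn)

def audit(inventory):
    """Return (label, address) pairs whose certificate would fail the name check."""
    return [(label, addr) for label, addr, cert in inventory
            if not identity_covered(cert, addr)]

# Constructed sample data (hypothetical hosts, documentation address range).
MCU_CERT = {"subject": ((("commonName", "mcu1.example.com"),),)}  # CN only, no SAN
AD_CERT = {"subject": ((("commonName", "dc1.example.com"),),),
           "subjectAltName": (("DNS", "dc1.example.com"),)}
INVENTORY = [
    ("MCU by IP", "192.0.2.10", MCU_CERT),
    ("MCU by FQDN", "mcu1.example.com", MCU_CERT),
    ("AD by IP", "192.0.2.20", AD_CERT),
    ("AD by FQDN", "DC1.example.com", AD_CERT),
]

if __name__ == "__main__":
    for label, addr in audit(INVENTORY):
        print(f"{label}: {addr} is not in the certificate's CN or SAN")
```
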
Allow certificate validation skipping for encrypted signaling
Normally, during encrypted call signaling (SIP over TLS), the Polycom
RealPresence DMA system requires the remote party (endpoint or MCU) to
present a valid certificate. This is known as mTLS or two-way TLS.
This option configures the system to accept any certificate (or none).
We recommend installing valid certificates on your endpoints and MCUs
rather than enabling this option.
Allow non conference participants to receive conference events
The SIP SUBSCRIBE/NOTIFY conference notification service (as described
in RFCs 3265 and 4575) allows SIP devices to subscribe to a conference and
receive conference rosters and notifications of conference events. Normally,
the subscribing endpoints are conference participants.
This option configures the system to let devices subscribe to a conference
without being participants in the conference.
Note: A subscription to a conference by a non-participant consumes a call
license. Call history doesn’t include data for non-participant subscriptions.