System Security
Polycom, Inc.
Skip validation of certificates received while making outbound connections
Normally, when the Polycom RealPresence DMA system connects to a
server, it validates that server’s certificate.
This option configures the system to accept any certificate presented to it
without validating it.
We recommend using valid certificates for all servers that the system may
need to contact rather than enabling this option. Depending on system
configuration, this may include:
MCUs
Active Directory
Exchange
RealPresence Resource Manager system
Other RealPresence DMA systems
Endpoints
Note: Either the Common Name (CN) or Subject Alternate Name (SAN) field
of the server’s certificate must contain the address or host name specified for
the server in the Polycom RealPresence DMA system.
Polycom MCUs don't include their management IP address in the SAN field of
the CSR (Certificate Signing Request), so their certificates identify them only
by the CN. Therefore, in the Polycom RealPresence DMA system, a Polycom
MCU's management interface must be identified by the name specified in the
CN field (usually the FQDN), not by IP address.
Similarly, an Active Directory server certificate often specifies only the FQDN.
So in the Polycom RealPresence DMA system, identify the enterprise
directory by FQDN, not by IP address.
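The CN/SAN rule in the note above can be checked before a server address is entered into the system. The following is an added example, not Polycom code: it takes certificate data in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()` and reports configured addresses that the certificate does not cover. The host names, IP addresses and sample certificates are constructed, and exact (case-insensitive) matching is an assumption about how the comparison is done.

```python
import ipaddress

def cert_names(cert):
    """Collect CN, SAN DNS and SAN IP values from a getpeercert()-style dict."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = cert.get("subjectAltName", ())
    dns = [v for k, v in sans if k == "DNS"]
    ips = [v for k, v in sans if k == "IP Address"]
    return cns, dns, ips

def _as_ip(value):
    """Return an ipaddress object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def address_matches_cert(configured, cert):
    """True if the configured address or host name appears in the CN or SAN."""
    cns, dns, ips = cert_names(cert)
    ip = _as_ip(configured)
    if ip is not None:
        # An IP address matches only if the certificate literally carries it.
        return ip in [c for c in map(_as_ip, ips + cns) if c is not None]
    host = configured.rstrip(".").lower()
    return host in {n.rstrip(".").lower() for n in dns + cns}

def audit(servers):
    """Return the configured addresses that their certificates do not cover."""
    return [addr for addr, cert in servers if not address_matches_cert(addr, cert)]

# Constructed sample: an MCU certificate that identifies the device by CN only,
# and a directory server certificate that lists only its FQDN.
MCU_CERT = {"subject": ((("commonName", "mcu1.example.com"),),)}
AD_CERT = {
    "subject": ((("commonName", "dc1.example.com"),),),
    "subjectAltName": (("DNS", "dc1.example.com"),),
}

if __name__ == "__main__":
    configured = [
        ("192.0.2.10", MCU_CERT),        # MCU identified by IP: not covered
        ("mcu1.example.com", MCU_CERT),  # MCU identified by FQDN: covered
        ("DC1.example.com", AD_CERT),    # directory by FQDN: covered
        ("192.0.2.20", AD_CERT),         # directory by IP: not covered
    ]
    for addr in audit(configured):
        print(f"certificate does not cover configured address: {addr}")
```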
Unlock SIP Settings mutual authentication option on the Signaling Settings page
Normally, during encrypted call signaling (SIP over TLS), the Polycom
RealPresence DMA system requires the remote party (endpoint or MCU) to
present a valid certificate. This is known as mutual TLS.
When enabled, this check box unlocks the Require mutual authentication
(validation of client certificates) option for SIP signaling on the Signaling
Settings page, allowing you to disable the mutual TLS requirement for SIP
signaling.
Polycom recommends installing valid certificates on your
endpoints and MCUs rather than enabling this option.
Allow non-conference participants to receive conference events
The SIP SUBSCRIBE/NOTIFY conference notification service (as described
in RFCs 3265 and 4575) allows SIP devices to subscribe to a conference and
receive conference rosters and notifications of conference events. Normally,
the subscribing endpoints are conference participants.
This option configures the system to let devices subscribe to a conference
without being participants in the conference.
Note: A subscription to a conference by a non-participant consumes a call
license. Call history doesn’t include data for non-participant subscriptions.
Field Description