Configure Certificate Validation Options
The system can automatically validate user-installed certificates when establishing an authenticated
network connection.
To perform this validation, you must install certificates from the CAs that are part of the trust chain on the
system.
For a full list of preinstalled certificates on your system, see the
Poly VideoOS and TC8 Certificates
Update
.
Procedure
1.
In the system web interface, go to
Security
>
Certificates
.
2.
Configure the following settings (your changes save automatically):
Setting
Description
Maximum Peer Certificate Chain Depth
Specifies how many links a certificate chain can
have. The term
peer certificate
refers to any
certificate sent by the far-end host when a network
connection is being established between the two
systems.
Always Validate Peer Certificates From Server
Determines whether your system requires a remote
server to present a valid certificate when
connecting to it for services, such as provisioning.
Always Validate Peer Certificates From Browser
Determines whether your system requires a web
browser to present a valid certificate when
connecting to it.
Note:
If you are using private PKI certificates in
your environment and want HTTPS
software downloads to work, you must
install the trusted root certificate from
your internal certificate authority (CA) on
the system since certificate validation is
always performed.
Disable Preinstalled Certificates
Disables preinstalled root certificate CA chains.
Install a Certificate
Once you receive a signed certificate from the CA that processed your CSR, you can install it on your
system.
Note:
System certificates must be created on the Poly system and signed by an external CA before
installation. Externally created device certificates won't work properly.
This option isn’t available if your certificate is provisioned to the system.
Securing the System
55