[asterisk-users] CA Issued Certificates / TLS + SRTP
Daniel Pocock
daniel at readytechnology.co.uk
Wed Feb 1 02:36:22 CST 2012
>>>>> * And, is it necessary to use both my server specific certificate and
>>>>> the intermediate certificate on the telephones or will the telephones
>>>>> only require the server specific certificate?
>>>> The phones should already have the root certificate for Geotrust, you
>>>> should not deploy intermediate roots into the phones if you can
>>>> avoid it
>>> If I understand this correctly (and the other emails you sent), the
>>> Polycom does not need any preloaded certificates / keys, it will ask the
>>> CA and then evaluate the certificate provided by Asterisk during TLS
>>> setup; is that correct? Makes it much easier. (Unfortunately my Polycom
>>> is a bit old so I will have to see if I can upgrade it.)
By `preloaded', I mean you should not have to load any certificates or
key pairs manually into the phones
The phones should have the default CA certs that come in the firmware
Most recent Polycom phones also have a client certificate and private
key built in. This allows you to secure the provisioning process.
Some of the older Polycoms went end-of-life, some don't have client
certs built in, so you'll have to research all that carefully on their
support site. E.g. the IP 300, IP 430 and IP 500 are too old for proper
TLS, while the IP321, IP 450 and IP550 are good
More information about the asterisk-users
mailing list