[asterisk-users] CA Issued Certificates / TLS + SRTP

Stuart Elvish stuart.elvish at gmail.com
Wed Feb 1 03:58:39 CST 2012


Thanks for the clarification. I have looked at Polycom's website and
saw which phones have the latest firmware (or at least a firmware that
supports TLS) available.

Didn't get around to the testing with the chained certificate but will
try again this evening.



>>>>>> * And, is it necessary to use both my server specific certificate and
>>>>>> the intermediate certificate on the telephones or will the telephones
>>>>>> only require the server specific certificate?
>>>>> The phones should already have the root certificate for Geotrust, you
>>>>> should not deploy intermediate roots into the phones if you can
>>>>> avoid it
>>>> If I understand this correctly (and the other emails you sent), the
>>>> Polycom does not need any preloaded certificates / keys, it will ask the
>>>> CA and then evaluate the certificate provided by Asterisk during TLS
>>>> setup; is that correct? Makes it much easier. (Unfortunately my Polycom
>>>> is a bit old so I will have to see if I can upgrade it.)
>
> By `preloaded', I mean you should not have to load any certificates or
> key pairs manually into the phones.
>
> The phones should have the default CA certs that come in the firmware.
>
> Most recent Polycom phones also have a client certificate and private
> key built in.  This allows you to secure the provisioning process.
>
> Some of the older Polycoms went end-of-life, some don't have client
> certs built in, so you'll have to research all that carefully on their
> support site.  E.g. the IP 300, IP 430 and IP 500 are too old for proper
> TLS, while the IP321, IP 450 and IP550 are good.


