>>>>> * And, is it necessary to use both my server specific certificate and >>>>> the intermediate certificate on the telephones or will the telephones >>>>> only require the server specific certificate? >>>> The phones should already have the root certificate for Geotrust, you >>>> should not deploy intermediate roots into the phones if you can >>>> avoid it >>> If I understand this correctly (and the other emails you sent), the >>> Polycom does not need any preloaded certificates / keys, it will ask the >>> CA and then evaluate the certificate provided by Asterisk during TLS >>> setup; is that correct? Makes it much easier. (Unfortunately my Polycom >>> is a bit old so I will have to see if I can upgrade it.)
By `preloaded', I mean you should not have to load any certificates or key pairs manually into the phones The phones should have the default CA certs that come in the firmware Most recent Polycom phones also have a client certificate and private key built in. This allows you to secure the provisioning process. Some of the older Polycoms went end-of-life, some don't have client certs built in, so you'll have to research all that carefully on their support site. E.g. the IP 300, IP 430 and IP 500 are too old for proper TLS, while the IP321, IP 450 and IP550 are good -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
