Appendix F-Secure Communication Mode
Polycom, Inc. F-5
4 Click the Send Certificate button to send the certificate to the MCU.
The MCU validates the certificate.
— If the certificate is not valid, an error message is displayed.
— If the certificate matches the private key, and the task is completed, a confirmation
message indicating that the certificate was created successfully is displayed.
A System Restart is not required at this point.
The certificate expiry date is checked daily. An active alarm is raised two weeks before
the certificate is due to expire, stating the number of days to expiry.
If the certificate expires, the MCU continues to work in secure mode and an Active
Alarm is raised with Security mode failed – Certificate expired in the description field.
Creating/Modifying System Flags
The following System Flags in system.cfg control secure communications.
Appendix F, “System Flags” , below, lists both flags and their settings.
If the System Flag, RMX_MANAGEMENT_SECURITY_PROTOCOL does not exist in the system, it
must be created by using the RMX Setup menu.
For more information see "Modifying System Flags” on page 22-1.
The MCU must be restarted for modified flag settings to take effect.
Enabling Secure Communication Mode
After the SSL/TLS Certificate is installed, secure communications are enabled by modifying
the properties of the Management Network in the Management Network properties dialog box.
When Secure Communications Mode is enabled:
•Only https:// commands from the browser to the Control Unit IP Address of the
MCU are accepted.
• The MCU listens only on secured port 443.
• All connection attempts on port 80 are rejected.
Certificates are deleted when an administrator performs a Restore Factory Defaults with the
Comprehensive Restore option selected.
Table F-3 System Flags
Flag Description
Enter the protocol to be used for secure communications.
Default: TLSV1_SSLV3 (both).
Default for U.S. Federal licenses: TLSV1.
EXTERNAL_DB_PORT The external database server port used by the MCU to send and
receive XML requests/responses.
For secure communications set the value to 443.
Default: 5005.