Contents

TLS line certificate concepts

You can configure the certificates that enable secure connections over SIP TLS lines.

TLS line certificates are signed by the CIC server's root certificate authority (CA) or a third-party CA. They are used to identify the CIC server when it connects to remote SIP devices via TLS.

In a switchover pair environment, you must import, on each switchover server, a special certificate that contains the domain name and a DHCP service record (SRV) so Polycom phones can be authenticated against both CIC servers. This special certificate is created by Setup Assistant and stored in the \server\ic\certificates\Lines folder.

A <Default Line Certificate> is automatically installed for you. The <Default Line Certificate> is signed by the CIC <Default Line Authority> CA. By default, this line certificate is used on single CIC servers that use the CIC certificate authority.

Note: You can optionally include a third-party certificate in a Windows certificate store in order to enable Windows to recognize that the certificate is trusted. If you do not include the certificate in a Windows certificate store, the certificate status in CIC indicates that the certificate is not trusted by Windows. However, this status does not affect the security of the CIC system.