This is part 2 of the previous blog post on how to deploy 802.1x EAP-TLS authentication on Polycom VVX phones using Cisco 2960X switch and Windows Server 2012 R2 NPS RADUIS. In this post, we continue to configure and obtain certificates for the VVX and connect the phone to the 802.1x enabled port on the switch to get EAP-TLS authentication and having been allowed, proceed to obtain an IP address from the Windows DHCP server. It's worthwhile to review the previous post before continue reading this post.
Next, we need to configure the Certificate Authority to issue certificates using the certificate template "User Signature". This is simple done by starting the CA MMC, right-click to "Certificate Templates" on the left pane and select New->Certificate Template to Issue" as shown below:
<!--Description: Phone will ignore software update notifications for software uploaded through Skype Control Panel. Phone will only upgrade through Provisioning Server or Web Admin Utility.-->
<ALL sec.uploadDevice.privateKey="1" />