In the previous blog post, we covered the details of deploying 802.1x EAP-TLS on Polycom VVX phones using a Cisco 2960X switch and a Windows NPS RADIUS server. Deploying device certificates manually on the phones can be a time-consuming process, especially in high-security environments where a unique device certificate is required for each phone. With the release of UCS5.9.3 firmware in June this year, Polycom VVX phones now support the Simple Certificate Enrollment Protocol (SCEP) for easily requesting and assigning device certificates for 802.1x EAP-TLS authentication. This blog post builds upon the same lab environment as the previous post and describes in detail how to add and deploy SCEP.
SCEP Feature: Enable
SCEP URL: http://<SCEPServer>/certsrv/mscep/ (Please don't forget the final '/' in the URL or SCEP will fail)
Challenge Password: <As shown in the SCEP server web page> (This can only be used once and is valid for 1 hour)
Common Name: <UPN of the AD account of the phone>
Organization: <Your organization>
Email address: <Same as Common Name>
State and Country: <Your State and Country>
Example screen is shown below:
802.1X Auth: Enable
EAP Method: EAP-TLS
Identity: <SCEP Service Account>
Password: <Blank>
Example screen shot is shown below:
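
When many phones are enrolled in one session, the constraints noted in the SCEP settings above (the final '/' on the URL, a challenge password that can be used once and is valid for 1 hour, an Email address equal to the Common Name) are easy to get wrong. The following pre-flight check is an added example, not part of the original post or of any Polycom or Microsoft tool; the record layout, host name and challenge values are constructed for illustration.

```python
from collections import Counter, namedtuple
from datetime import datetime, timedelta
from urllib.parse import urlparse

CHALLENGE_LIFETIME = timedelta(hours=1)  # per the post: valid for 1 hour
SCEP_PATH = "/certsrv/mscep/"            # path from the post; final '/' required

# Hypothetical per-phone enrollment record (layout is an assumption of this example).
Phone = namedtuple("Phone", "label scep_url challenge issued common_name email")

def check_batch(phones, now):
    """Return {label: [problems]} for the settings planned for each phone."""
    uses = Counter(p.challenge for p in phones)  # detect reuse of a one-time password
    report = {}
    for p in phones:
        problems = []
        url = urlparse(p.scep_url)
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append("SCEP URL is not an http(s) URL")
        elif not url.path.endswith("/"):
            problems.append("SCEP URL lacks the final '/'")
        elif url.path.lower() != SCEP_PATH:
            problems.append("SCEP URL path is not " + SCEP_PATH)
        if uses[p.challenge] > 1:
            problems.append("challenge password assigned to more than one phone")
        if now - p.issued >= CHALLENGE_LIFETIME:
            problems.append("challenge password older than 1 hour")
        local, _, domain = p.common_name.partition("@")
        if not local or not domain:
            problems.append("Common Name is not a UPN")
        if p.email.lower() != p.common_name.lower():
            problems.append("Email address differs from Common Name")
        report[p.label] = problems
    return report

# Constructed sample data: one clean record and three with typical mistakes.
NOW = datetime(2020, 1, 1, 12, 0)
URL = "http://scep.example.test/certsrv/mscep/"
RECENT = NOW - timedelta(minutes=10)
SAMPLE = [
    Phone("vvx-01", URL, "A1B2C3D4", RECENT, "vvx01@example.test", "vvx01@example.test"),
    Phone("vvx-02", URL.rstrip("/"), "E5F6A7B8", NOW - timedelta(minutes=90),
          "vvx02@example.test", "vvx02@example.test"),
    Phone("vvx-03", URL, "0F1E2D3C", RECENT, "vvx03@example.test", "vvx03@example.test"),
    Phone("vvx-04", URL, "0F1E2D3C", RECENT, "vvx04@example.test", "phones@example.test"),
]

if __name__ == "__main__":
    for label, problems in check_batch(SAMPLE, NOW).items():
        print(label, "OK" if not problems else "; ".join(problems))
```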