Certificate Trust Policy Considerations

Last Updated : Apr 27, 2022 |

When considering a trust policy for IP Office, the following questions can be considered:

  • What international, national, corporate or other trust requirements exist?

  • Is there an existing trust/PKI infrastructure that IP Office should be part of?

  • Are IP Office services being exposed on public interfaces?

  • Are IP Office platform components deployed on unsecure platforms or environments?

  • Are IP Office clients/endpoints deployed on unsecure platforms or environments?

  • What are the trust requirements for 3rd party systems that connect to IP Office?

  • Is the ability to trust IP Office without administering certificates on clients/endpoints significant?

  • Is there a need for a separate management and telephony trust domain?

  • Which interfaces and services need to use trust checks and which do not?

  • Does trust need to be one-way (for example, client checks sever), or both-way (for example, client and server check each other)?

  • Is there a need to provide the extended trust checks of IP Office where all clients' certificates must be present in the TCS? This is useful when the PKI tree trust structure is insufficient.

  • How many ID certificates are required? At least one unique certificate per IP Office server, two if a separate telephony trust domain is needed.

  • How are certificates to be obtained, distributed and recovered?

  • What certificate renewal and distribution methods should be supported?

  • Is the CA able to provide the correct certificate content? For example Subject Alternative Name content

Related information
Determining Trust Policy