• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

 

Could you please add the Identrust root CA "DST Root CA X3" to the next firmware updates?

 

https://www.identrust.com/certificates/trustid/root-download-x3.html

 

This root is being used to cross-sign the Let's Encrypt certificates that many people are now using:

https://letsencrypt.org/certificates/

 

Full details from this root:

 

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Validity
Not Before: Sep 30 21:12:19 2000 GMT
Not After : Sep 30 14:01:15 2021 GMT
Subject: O=Digital Signature Trust Co., CN=DST Root CA X3

7 REPLIES 7
HP Recommended

Hello pocock,

This is not how this works.


The community's VoIP FAQ contains this post here:

Jan 03, 2013 Question: How can I request a change to the current Polycom SIP / UCS Software?

Resolution: Please check => here <=

 

You need a feature request.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

pocock,

 

You can issue a PGS ticket as a "request", however, they may not have more information about this. My suggestion is to add the certificate yourself to the phone.  You can automate this with centralized provisioning practices, or by installing the CA certificate manually from the phone or phone webserver.  There are additional resources regarding Polycom and Certificate management that are helpful (see references below).

 

From a centralized provisioning perspective, you can set device.sec.TLS.customCaCert1 - The admin guides go over this in much detail, there are multiple configs you can add to get exactly what you need done.

 

As a side note, some Polycom SPIP & SSIP models (spip 300,301,320/330,430,500,501,600,601, SSIP 4000) will not have the capability of establishing a secure connection to a server with SHA256 signed certificates (This is what Let's Encrypt uses).

 

SPIP 321/331,335,450,550,560,650,670 and SSIP 5000/6000/7000 may have their firmware upgraded to at least 4.0.7 or higher to gain SHA256 support.  

 

Polycom VVX models are not impacted.

 

 

References

 * SHA1 Deprecation Impacts

 * Polycom Certificate Updates for Polycom UC Software 4.0.9

 * Polycom Certificate Updates for Polycom® UC Software 5.4.0

 * Polycom Device Certificates on Polycom® Phones

 * Additional SPIP/SSIP/VVX Documentation and Firmware

 

 

 

 

HP Recommended

 

Hi Steffen,

 

Thanks for your reply

 

For something like this it is probably a good idea to just go ahead and get it into the firmware, waiting for people to go through the bureaucracy of contacting resellers may only mean waiting longer for it to be resolved.  Being a SIP software developer myself, I can say with some confidence that the time taken communicating through these steps would appear to be disproportionate to the effort it takes for a developer to simply add the root certificate.

 

I have tested installing the certificate manually and it works

 

Regards,

 

Daniel

HP Recommended

Hello Daniel,

this is a very good idea in an ideal world but you are only seeing this from your side.

 

The list of enhancements is so long, something like this asked by one user only is at the very bottom of this.

 

If you really think you need this I can only ask you to go through via the official channel.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Hello Daniel,

 

please watch out for VOIP-122131 in future release notes.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Was this ever added? I can't find the list of supported Certificate Authorities for v5.8.0, only 5.7.0.

 

Also, the inability to disable CA checking entirely is a big problem, since wildcard certificates are *also* not supported.

 

There's three ways to get configuration pushed with encryption on multi-tenant deployments, and all of them don't work.

 

1) Use Let's Encrypt certificates for each deployment

 

2) Disable CA validtion entirely

 

3) Support wildcard certificates.

 

Since *none* of these methods are supported, it means we have to send configuration information across the internet without encryption, in 2018. That's *really* bad.

 

The lack of full support for wildcard certificates is also a big issue. This means we have to issue individual certificates for every instance, and keep them updated. The FAQ still states that wildcard certificates are "partly" working after disabling all common name checks, but it's explicitly states that they are neither supported or tested.

 

 

HP Recommended

Hello @humanism,

 

welcome to the Polycom Community.


The DST Root CA X3 was added in the following software version:

 

  1. UC Software 4.0.12 or later
  2. UC Software 4.1.9 or later
  3. UC Software 5.2.6 or later
  4. UC Software 5.3.4 or later
  5. UC Software 5.4.7 or later

This is also part of the 5.8.0 release

 

DST Root CA X3 2048 bit sha1WithRSAEncryption Sep 30 21:12:19 2000 GMT Sep 30 14:01:15 2021 GMT


If you are missing a certain feature or ability please work with a Polycom sales engineer or a Polycom reseller.

 

This requires a business case etc. and is all explained here:

 

Jan 03, 2013 Question: How can I request a change to the current Polycom SIP / UC Software?

Resolution: Please check => here <=


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.