Plantronics + Polycom. Now together as Poly Logo

[MOVED] Certificate Error

Occasional Contributor

[MOVED] Certificate Error

Hello

 

Can somebody please help in understanding this error message:

 

 

0508125213|sip |4|03|TLS-DSK: Setting of Client Certificate failed due to (33558531) error:02001003:system library:fopen:errno = 0x3
0508125213|sip |4|03|TLS-DSK: Setting of Client Private key failed due to (537346050) error:20074002:BIO routines:FILE_CTRL:system lib
 

Thanks

Message 1 of 12
11 REPLIES 11
Polycom Employee & Community Manager

Re: Certificate Error

Hello Christophe,

welcome back to the Polycom Community.

It is always useful to include the currently used software version as issue experienced may already be addressed in a newer release.

 

This also allows yourself and others to check against current software release notes.

 

In addition you may also provide some information on the Phone model that is being used and if this is a SIP or LYNC setup.

 

Usually the above is shown if the phone has not enough time for a certificate renewal.

 

What is the TTL value of client cert (validity) ?


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 12
Frequent Advisor

Re: Certificate Error

 Hi Zank,

 

did you solve this issue?

Message 3 of 12
Polycom Employee & Community Manager

Re: Certificate Error

Hello Ahmed,

just like the prior poster I can only advise you to provide at least some minimum information like currently used software version , the phone model and also the call platform.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 12
Frequent Advisor

Re: Certificate Error

Hi Steffen,

the customer had 2 models SPIP 321 and SPIP 650 and they were on the latest version 4.1.1 trying to register with Lync 2013 and it was giving the same error faced Zank

 

0508125213|sip |4|03|TLS-DSK: Setting of Client Certificate failed due to (33558531) error:02001003:system library:fopen:errno = 0x3
0508125213|sip |4|03|TLS-DSK: Setting of Client Private key failed due to (537346050) error:20074002:BIO routines:FILE_CTRL:system lib

 

When downgrade the phones to version 4.1.0 rev I the phone register successfully using the same certificate, so it looks like a bug in version 4.1.1

 

Kind regards

 

Message 5 of 12
Polycom Employee & Community Manager

Re: Certificate Error

Hello Ahmed,

I believe I am already dealing with Sriram on this and just updated your ticket. 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 6 of 12
Occasional Visitor

Re: Certificate Error

We are experiencing this exact same issue after upgrading our SP331/321s to Version 4.1.1.  We currently have a case open with PolyCom. We are using Lync 2013. Has anyone found a resolve or workaround for this issue? 

 

When using version 4.0.x, the phones will register and is able to make internal and external calls.  However when a call is made into out UM server from an external line, the phone rings but we are unable to answer the call.. 

 

Message 7 of 12
Polycom Employee & Community Manager

Re: Certificate Error

Hello ddaughty,

welcome to the Polycom Community.

UCS 4.1.1 added Pin Auth to several SPIP models and therefore the standard software setting for loginCredentialType is PinAuth.

 

You can use the below example to load as a configuration on your phone:

 

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!-- UCS Device Configuration file for Lync -->
<lyncPerPhoneLC device.set="1" device.baseProfile.set="1" device.baseProfile="Lync" 
device.sntp.serverName.set="1" device.sntp.serverName="pool.ntp.org"
reg.1.auth.loginCredentialType="usernameAndPassword" sec.TLS.profileSelection.SIP="ApplicationProfile1"
sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- ReplaceWithYouCert -----END CERTIFICATE-----" ></lyncPerPhoneLC>

 

Above set's the Phone into LYNC base profile and will allow you to add the credentials via the Web Interface or the phone GUI

 

LYNC_UsernameAuth.PNG

 

 

Another way is to provide the Username and details directly without setting LYNC Base Profile:

 

<?xml version="1.0" encoding="utf-8"?>
<!-- Example Per-phone Configuration File -->
<!-- $RCSfile$  $Revision: 135676 $ -->
<lyncPerPhoneLC device.set="1" device.sntp.gmtOffset="3600" device.sntp.gmtOffset.set="1" 
device.sntp.serverName="pool.ntp.org" device.sntp.serverName.set="1" dialplan.1.applyToForward="1"
reg.1.address="ReplaceWithYourUsername" reg.1.applyServerDigitMapLocally="1" reg.1.auth.domain=""
reg.1.auth.password="ReplaceWithYourPassword" reg.1.auth.userId="ReplaceWithYourUsername"
reg.1.auth.usePinCredentials="0" reg.1.auth.loginCredentialType="usernameAndPassword"
softkey.feature.simplifiedSignIn="1" reg.1.server.1.registerRetry.baseTimeout="10"
reg.1.server.1.registerRetry.maxTimeout="180" reg.1.server.1.specialInterop="lync2010"
reg.1.server.1.transport="TLS" reg.1.serverFeatureControl.cf="1" reg.1.serverFeatureControl.dnd="1"
reg.1.serverFeatureControl.localProcessing.cf="0" reg.1.serverFeatureControl.localProcessing.dnd="0"
reg.1.serverFeatureControl.signalingMethod="serviceMsForwardContact" roaming_buddies.reg="1"
call.enableOnNotRegistered="0" callLists.logConsultationCalls="1" dialplan.applyToDirectoryDial="1"
feature.messaging.enabled="1" feature.presence.enabled="1" sec.srtp.holdWithNewKey="0"
sec.srtp.key.lifetime="2^31" sec.srtp.mki.enabled="1" sec.srtp.mki.length="1"
sec.srtp.mki.startSessionAtOne="1" sec.srtp.resumeWithNewKey="0" tcpIpApp.ice.mode="MSOCS"
tcpIpApp.keepalive.tcp.sip.tls.enable="1" video.iFrame.delay="2" video.iFrame.onPacketLoss="1"
voice.audioProfile.G7221.24kbps.payloadType="112" voice.codecPref.G7221.24kbps="5"
voice.codecPref.G7221.32kbps="0" voIpProt.SIP.allowTransferOnProceeding="0" voIpProt.SIP.IM.autoAnswerDelay="40"
voIpProt.SIP.header.diversion.enable="1" voIpProt.offerFullCodecListUponResume="0" voIpProt.SIP.mtls.enable="0"
sec.TLS.profileSelection.SIP="ApplicationProfile1" sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- ReplaceWithYouCert -----END CERTIFICATE-----" serverAutoDiscovery="0" reg.1.server.1.address="ReplaceWithYourLYNCDomain" reg.1.server.1.port="5061"/>

 

Please reply with your case number so I can make my colleagues aware.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Occasional Visitor

Re: Certificate Error

RESOLVED: This FIXED my issue!!  We have been working on these two issues with these phone for almost two months with Polycom and our Lync Implementer sending numerous captures, Config Files and log files.... By chance I finally stumbled a crossed this forum.   I really appreciate your quick reply and fast resolve on this issue!  I am not the case owner for the Polycom SR that is open, The Case owner is sending the Polycom support Tech an email to notify him that the issue has finally been resolved! 

 

Once Again Thank You!

Message 9 of 12
Polycom Employee & Community Manager

Re: Certificate Error

Hello ddaughty,

 

please ensure to provide this information back to our support team in your region to avoid then "wasting" their time.

 

You can reference this post and myself so they are aware. The issue was introduced with UCS 4.1.1 released in June 05, 2014

 

Please mention VESC-4435.

 

Best Regards

 

Steffen Baier




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 10 of 12