• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hello,

 

We recently upgraded our internal CA to use SHA2 and added an intermediate cert.

 

We are unable to login to Skype for Business using the SHA2 cert in our QA environment which is also using SHA2 certs.  Our clients work fine, but the VVX phones will not register.

I've manually loaded the entire cert chain to the VVX and we are still seeing issues.

 

Has anyone upgraded to SHA2 and introduced an intermediate cert?  Did your VVX phones have issues registering to Skype?  Any advice?

 

We have not updated our Skype OAUTH cert yet because that will update everywhere in our Skype environment.

 

For reference:

 

VVX Software:

UC Software Version 5.4.3.2036

Updater Version 5.6.3.1790

We do have a provisioning server.

 

Any help is greatly appreciated.

 

Thanks

Sean

 

 

4 REPLIES 4
HP Recommended

Hello @Sean_Stanley66,

welcome back to the Polycom Community.

SHA2 is supported but without any logs or in parallel a wireshark trace to see the exchange we cannot help you on this issue.

 

You can post logs / wireshark traces here but for Polycom to help this needs to come into support.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks, Steffen.

 

Main log entry that repeats is:

 

0206180411|sip  |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=20
0206180411|sip  |4|00|MakeTlsConnection: SSL_connect error 1
0206180411|sip  |4|00|MakeTlsConnection: connection failed error -1

 

I will open a ticket with support to continue working on this.  I just wasn't sure if someone who has been in this situation could potentially give me a push in the right direction.

 

Thanks

Sean

HP Recommended

Sean,

We don't use an intermediary with our internal CA.  When we had to renew our internal CA cert we added the new and old CA Cert via config file to all our phones.

 

We added the new one to CA 7 and the old one to CA 5 on the phones, only use CA 7 if you have no older Polycom SIP phones or they have different config files.  So you would have three certs CA 6 is managed automatically if you have PIN auth setup. 

 

Attached JPEG for referance.

 

HP Recommended

Hello @Sean_Stanley66,

Try with these logs:

 

Settings > Logging > Global Settings > Global Log Level Limit > Debug
Settings > Logging > Global Settings > Global Log Level Limit > Log File Size (Kbytes) > VVX pr = 1000 or Trio 10000
Settings > Logging > Module Log Level Limits > SIP > Debug
Settings > Logging > Module Log Level Limits > CURL > Event 1

 

Supply them to support once you ensured its not an issue on your end.

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.