We recently upgraded our internal CA to use SHA2 and added an intermediate cert.
We are unable to login to Skype for Business using the SHA2 cert in our QA environment which is also using SHA2 certs. Our clients work fine, but the VVX phones will not register.
I've manually loaded the entire cert chain to the VVX and we are still seeing issues.
Has anyone upgraded to SHA2 and introduced an intermediate cert? Did your VVX phones have issues registering to Skype? Any advice?
We have not updated our Skype OAUTH cert yet because that will update everywhere in our Skype environment.
UC Software Version 126.96.36.1996
Updater Version 188.8.131.520
We do have a provisioning server.
Any help is greatly appreciated.
welcome back to the Polycom Community.
SHA2 is supported but without any logs or in parallel a wireshark trace to see the exchange we cannot help you on this issue.
You can post logs / wireshark traces here but for Polycom to help this needs to come into support.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
Main log entry that repeats is:
0206180411|sip |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=20
0206180411|sip |4|00|MakeTlsConnection: SSL_connect error 1
0206180411|sip |4|00|MakeTlsConnection: connection failed error -1
I will open a ticket with support to continue working on this. I just wasn't sure if someone who has been in this situation could potentially give me a push in the right direction.
We don't use an intermediary with our internal CA. When we had to renew our internal CA cert we added the new and old CA Cert via config file to all our phones.
We added the new one to CA 7 and the old one to CA 5 on the phones, only use CA 7 if you have no older Polycom SIP phones or they have different config files. So you would have three certs CA 6 is managed automatically if you have PIN auth setup.
Attached JPEG for referance.
Try with these logs:
Settings > Logging > Global Settings > Global Log Level Limit > Debug
Settings > Logging > Global Settings > Global Log Level Limit > Log File Size (Kbytes) > VVX pr = 1000 or Trio 10000
Settings > Logging > Module Log Level Limits > SIP > Debug
Settings > Logging > Module Log Level Limits > CURL > Event 1
Supply them to support once you ensured its not an issue on your end.