Plantronics + Polycom. Now together as Poly Logo

SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Frequent Advisor

SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Hello,

 

We recently upgraded our internal CA to use SHA2 and added an intermediate cert.

 

We are unable to login to Skype for Business using the SHA2 cert in our QA environment which is also using SHA2 certs.  Our clients work fine, but the VVX phones will not register.

I've manually loaded the entire cert chain to the VVX and we are still seeing issues.

 

Has anyone upgraded to SHA2 and introduced an intermediate cert?  Did your VVX phones have issues registering to Skype?  Any advice?

 

We have not updated our Skype OAUTH cert yet because that will update everywhere in our Skype environment.

 

For reference:

 

VVX Software:

UC Software Version 5.4.3.2036

Updater Version 5.6.3.1790

We do have a provisioning server.

 

Any help is greatly appreciated.

 

Thanks

Sean

 

 

Message 1 of 5
4 REPLIES 4
Polycom Employee & Community Manager

Re: SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Hello @Sean.Stanley66,

welcome back to the Polycom Community.

SHA2 is supported but without any logs or in parallel a wireshark trace to see the exchange we cannot help you on this issue.

 

You can post logs / wireshark traces here but for Polycom to help this needs to come into support.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 5
Frequent Advisor

Re: SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Thanks, Steffen.

 

Main log entry that repeats is:

 

0206180411|sip  |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=20
0206180411|sip  |4|00|MakeTlsConnection: SSL_connect error 1
0206180411|sip  |4|00|MakeTlsConnection: connection failed error -1

 

I will open a ticket with support to continue working on this.  I just wasn't sure if someone who has been in this situation could potentially give me a push in the right direction.

 

Thanks

Sean

Message 3 of 5
Regular Advisor

Re: SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Sean,

We don't use an intermediary with our internal CA.  When we had to renew our internal CA cert we added the new and old CA Cert via config file to all our phones.

 

We added the new one to CA 7 and the old one to CA 5 on the phones, only use CA 7 if you have no older Polycom SIP phones or they have different config files.  So you would have three certs CA 6 is managed automatically if you have PIN auth setup. 

 

Attached JPEG for referance.

 

Message 4 of 5
Polycom Employee & Community Manager

Re: SHA2 Certificate Upgrade - Issues Registering to Skype for Business

Hello @Sean.Stanley66,

Try with these logs:

 

Settings > Logging > Global Settings > Global Log Level Limit > Debug
Settings > Logging > Global Settings > Global Log Level Limit > Log File Size (Kbytes) > VVX pr = 1000 or Trio 10000
Settings > Logging > Module Log Level Limits > SIP > Debug
Settings > Logging > Module Log Level Limits > CURL > Event 1

 

Supply them to support once you ensured its not an issue on your end.

 

Best Regards

 

Steffen Baier




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 5 of 5