• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hello,

 

when connecting VSX 7000A using https I get an error about certificate expiration (2012-09-04).

IE9 has problems accepting such connections, FF can accept, but can't properly display all frames

what is the way to obtain valid certificate ? I've tried to update system with lastest software (Release 9.0.6.2-103) connected to public net (without proxy) - no result, maybe it must by only renewed by Poly ?

 

DS

 

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hi, I just happened to experience the same issue with our VSX 7000 and found a solution.

 

Long story short, Microsoft released Windows Update KB2661254 sometime in Sept/Oct 2012  which sets a minimum requirement of 1024 bit keys for SSL certificates.  The VSX 7000 uses a 512 bit key.  To allow 512 bit keys on your Windows PC, you need to add this to your registry:

 

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config

Name: MinRsaPubKeyBitLength

Type: DWORD

Value: 512 decimal / 200 hex

 

Source:

View solution in original post

7 REPLIES 7
HP Recommended

I am experiencing the same issue as well with all of our VSX 7000e endpoints. 

 

- When attempting to access a VSX's HTTPS web interface when using Internet Explorer 9, I get a prompt stating an invalid certificate (but no details), and clicking on the option to Continue and Ignore certificate error, nothing happens (the web page posts and goes immediately back to the Certificate Error warning)

 

- All of our VSX systems have Security Mode enabled. Disabling Security mode allows IE 9 to access the endpoint's web interface via standard HTTP. (HTTPS access is still rejected)

 

- We are using IE 9, with all advertised Windows Updates installed.

 

- Accessing the HTTPS Web interface via any other browser (Firefox, Chrome, Safari), acknowledges the certificate can't be trusted, BUT clicking ignore/continue properly loads the web interface content!

 

 - Inspecting the certificate details on our VSX in Firefox shows that the cert CN is www.polycom.com (self-signed) and that its expiry date was set to Sept 29 2011.

 

- I can assume that this problem is strictly linked with IE 9; I took one of our endpoints out of our institution and connected it to my home network (Windows 7 with IE 9, all updates), and had the exact same problems attempting HTTPS session.

 

- We have two HDX 8000 in our organization; we can use IE 9 and HTTPS web interface works (certificate error is still shown, but clicking Continue works as it should). The certificates on the HDX are set to expire in 2022 🙂

 

 -I can't recall for sure, but the last time I think one of us used IE 9 for HTTPS interaction to a VSX was over 6 months ago...

 

 

Like DS, I am assuming that maybe generating or updating the endpoint's self-signed certificate might fix the issue, so would there be anyone out there with some words of wisdom?

 

Thanks in advance for any tips or suggestions you might have.

 

Kenny G

HP Recommended

Hi, I just happened to experience the same issue with our VSX 7000 and found a solution.

 

Long story short, Microsoft released Windows Update KB2661254 sometime in Sept/Oct 2012  which sets a minimum requirement of 1024 bit keys for SSL certificates.  The VSX 7000 uses a 512 bit key.  To allow 512 bit keys on your Windows PC, you need to add this to your registry:

 

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config

Name: MinRsaPubKeyBitLength

Type: DWORD

Value: 512 decimal / 200 hex

 

Source:

HP Recommended

Hi Tim,

Just wanted to let you know this registry setting worked for me.

 

regards,

Pieter

HP Recommended

thx - problem resolved !

HP Recommended

 

Hey Tim808, your instructions worked!  Thanks for all your help.

 

 

HP Recommended

I have been updating passwords and software on all my company's Polycoms. I also ran into this problem on the VSX 7000s. I was finally able to access the security page after using the registry fix but still could not change the passwords. I found that  version 9 software, the password change would not accept certain symbols. I then had to downgrade to version 8.7 for my password to be accepted. After changing the password  I updated to version 9.062 and all was well.

HP Recommended

Thank you for the solution. However, I have to wonder if it's a good idea to change that, system wide?

 

Is there no way to do it on a site by site basis instead?

 

I just use Chrome and it lets me bypass the cert error on a case by case basis, which seems much more secure.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.