Plantronics + Polycom. Now together as Poly Logo

Decrypt error using Custom Certificate

Javi
Occasional Contributor

Decrypt error using Custom Certificate

Hello,


we have installed a Geotrust certificate at Custmon certificate level in our polycoms.

when  our server sends the certificate included at  "Certificate, Server Key Exchange, Server Hello done" TLS packet, the polycom responds with "Decrypt error".

The CA signed the certificate with sha256WithRSAEncryption algorithm, do you Know if this algorithm is supported by the conference phone?


POlycom model: IP sound Station 7000
BootROM version: 4.3.1.0440
SIP version: 3.3.4.0085


Many thanks and Best Regards

Message 1 of 4
3 REPLIES 3
SteffenBaierUK
Polycom Employee & Community Manager

Re: Decrypt error using Custom Certificate

Hello Javi,

welcome back to the Polycom Community.

UC Software 3.3.4 is quite old so I would suggest to upgrade to UCS 4.0.7 and then test again.

 

For troubleshooting I can only suggest the CURL and TLS logging level.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 4
Squigley
Valued Contributor

Re: Decrypt error using Custom Certificate

 

Hi Javi,

 

I have tried using Geotrust certificates with Polycom devices several times, and had no success. We use a Geotrust wildcard certificate for our domain, but as it won't work with Polycom devices, we have a secondary certificate issued by Entrust that we use on our provisioning server.

Message 3 of 4
SteffenBaierUK
Polycom Employee & Community Manager

Re: Decrypt error using Custom Certificate

Hello Squigley,

The answer in regards to Wildcard certificates is pretty simple. We do currently not support this.

 

You would require a Feature Request to request the support for this.

 

A workaround is:

 

device.set="1"
device.sec.TLS.prov.strictCertCommonNameValidation.set="1"
device.sec.TLS.prov.strictCertCommonNameValidation="0"

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 4