Plantronics + Polycom. Now together as Poly Logo

Device Certificate Not Installed - so how do I get one?

SOLVED
Occasional Visitor

Device Certificate Not Installed - so how do I get one?

I've tried searching here for information but don't see anything helpful.  Hope this is the right place to ask.

 

I have a Polycom 550 that thas been working perfectly, first with my own Asterisk server, then a Fonality Trixbox, and for the last six months I've had three lines connecting through a company called Sipgate.  Last week I set up a new account with a company called 8x8 to test their service (I've heard good things about them).  At first they said my 550 could be used, but then I was unable to configure it through their servers.  After some troubleshooting they tell me that my phone won't work because I have no "Device Certificate" installed, and that I should call Polycom about that.

 

First, if 8x8 uses security certificates (their provisioning server uses HTTPS) why wouldn't they simply install them from their server along with their bootrom and config files?

 

Second, I did find a Polycom document that says the "Device Certificate" must be installed at the time of manufacture.  Is that true?  It doesn't make much sense that I could update the bootrom and configurations freely, but I can't install a certificate file?

 

I'm currently using bootrom 4.3.0.0246 and sip 3.3.1.0933.

 

Thanks for any feedback.

 

 

Message 1 of 9
8 REPLIES 8
Polycom Employee & Community Manager

Re: Device Certificate Not Installed - so how do I get one?

Hello RStoeber,

 

Please ensure you check this Document:

 

http://support.polycom.com/global/documents/support/technical/products/voice/Device_Certificates_on_...

 

Best Regards

 

Steffen Baier




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 9
Occasional Visitor

Re: Device Certificate Not Installed - so how do I get one?

Right, so that document says "Due to the nature of the security governing the issuance and tracking of the device certificates, it is not possible to add a device certificate except at the time of manufacture."

 

Is that the final word on the matter?  It's not possible to add a device certificate to my current phone, even though I have the most current SIP software (3.3.1.0933)?

 

 

Message 3 of 9
Highlighted
Polycom Employee & Community Manager

Re: Device Certificate Not Installed - so how do I get one?

Hi,

 

you should still be able to use Mutual TLS Authentication,

 

please check the Admin Guide here:

 

http://supportdocs.polycom.com/PolycomService/support/global/documents/support/setup_maintenance/pro...

 

Regards

 

Steffen Baier




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 9
Valued Contributor

Re: Device Certificate Not Installed - so how do I get one?

Hi rstoeber,

 

"Due to the nature of the security governing the issuance and tracking of the device certificates, it is not possible to add a device certificate except at the time of manufacture."

 

Yes, this is the absolute on that topic. To clarify, there is a large difference between the Polycom Device Certificate and a custom  cert that an administrator might wish to use: The Device Certificates that come from Polycom can only be installed at the time the phone is manufactured. As Steffen mentioned, you CAN still load your own Root or Custom CA to the phone.

 

I know that 8x8 uses HTTPS for provisioning, but I'm not sure why they would require our Device Certificate; if they are requiring customers to have a Device Certificate but are not mentioning that before you actually purchase the service, we'd recommend contacting them to clarify. 8x8 is a Certified Polycom Reseller, and should have access to all of our Technical Bulletins and other resources. You may wish to provide them with another copy of TB3714 to determine how 8x8 wants to proceed from their end.

 

Let us know if you have any other questions.

 

-James

Message 5 of 9
Occasional Visitor

Re: Device Certificate Not Installed - so how do I get one?

Thanks James.  That's the first thing I've heard that makes any kind of sense.  It's perfectly reasonable for Polycom to hard code a certificate of your own, just like you bake in the MAC address.  But a VoIP vendor like 8x8 couldn't issue client certs against your Polycom key, so why would they care about your certificate being installed or not?  If they want to issue customers like me a client cert for each of my devices they should be able to do that with my 550.

 

I will send them all of this information and ask for clarification.

 

 

Message 6 of 9
Frequent Advisor

Re: Device Certificate Not Installed - so how do I get one?

Hey RStoeber,

Did you ever get this resolved?  I have a 500 as well (a Rev.D) and it is also missing the Polycom cert.  I hope this won't be a major issue (seems like it shouldn't be) but I'd like to hear what your final result was with 8x8.  cheers

Luke

 

Message 7 of 9
Occasional Visitor

Re: Device Certificate Not Installed - so how do I get one?

8x8 does require the SSL certificate to be installed. I had 25 devices, all with no SSL certificate. We ended up re-buying 25 phones but 8x8 was nice enough to buy back our old phones as well.

Message 8 of 9
Frequent Visitor

Re: Device Certificate Not Installed - so how do I get one?

I haved used hostedi.am to provisionined all the the polycom legacy phone and the new VVX models with no problems also provisionig the buttons on the units are very easy although they only support BLF, Monitor,speed dial and pickup with 1 button you can add a variety of combinations. If you provisioning the polycom phones in the LAN it becomes even more easier using this method http://vodia.com/documentation/pnp_lan_prov

 

overall I have become a big Polycom supporter beacuse of the ability to provisioning these phones old and new with Vodia PBX especially now that Polycom has added the firmware upgrade capability in the GUI of the phone, Great feature!

 

Thanks Polycom!! 

 

Keep up the good work! 

Message 9 of 9