I've tried searching here for information but don't see anything helpful. Hope this is the right place to ask.
I have a Polycom 550 that thas been working perfectly, first with my own Asterisk server, then a Fonality Trixbox, and for the last six months I've had three lines connecting through a company called Sipgate. Last week I set up a new account with a company called 8x8 to test their service (I've heard good things about them). At first they said my 550 could be used, but then I was unable to configure it through their servers. After some troubleshooting they tell me that my phone won't work because I have no "Device Certificate" installed, and that I should call Polycom about that.
First, if 8x8 uses security certificates (their provisioning server uses HTTPS) why wouldn't they simply install them from their server along with their bootrom and config files?
Second, I did find a Polycom document that says the "Device Certificate" must be installed at the time of manufacture. Is that true? It doesn't make much sense that I could update the bootrom and configurations freely, but I can't install a certificate file?
I'm currently using bootrom 4.3.0.0246 and sip 3.3.1.0933.
Thanks for any feedback.
Solved! Go to Solution.
Please ensure you check this Document:
Please ensure you check this Document:
Right, so that document says "Due to the nature of the security governing the issuance and tracking of the device certificates, it is not possible to add a device certificate except at the time of manufacture."
Is that the final word on the matter? It's not possible to add a device certificate to my current phone, even though I have the most current SIP software (3.3.1.0933)?
you should still be able to use Mutual TLS Authentication,
please check the Admin Guide here:
"Due to the nature of the security governing the issuance and tracking of the device certificates, it is not possible to add a device certificate except at the time of manufacture."
Yes, this is the absolute on that topic. To clarify, there is a large difference between the Polycom Device Certificate and a custom cert that an administrator might wish to use: The Device Certificates that come from Polycom can only be installed at the time the phone is manufactured. As Steffen mentioned, you CAN still load your own Root or Custom CA to the phone.
I know that 8x8 uses HTTPS for provisioning, but I'm not sure why they would require our Device Certificate; if they are requiring customers to have a Device Certificate but are not mentioning that before you actually purchase the service, we'd recommend contacting them to clarify. 8x8 is a Certified Polycom Reseller, and should have access to all of our Technical Bulletins and other resources. You may wish to provide them with another copy of TB3714 to determine how 8x8 wants to proceed from their end.
Let us know if you have any other questions.
Thanks James. That's the first thing I've heard that makes any kind of sense. It's perfectly reasonable for Polycom to hard code a certificate of your own, just like you bake in the MAC address. But a VoIP vendor like 8x8 couldn't issue client certs against your Polycom key, so why would they care about your certificate being installed or not? If they want to issue customers like me a client cert for each of my devices they should be able to do that with my 550.
I will send them all of this information and ask for clarification.
Did you ever get this resolved? I have a 500 as well (a Rev.D) and it is also missing the Polycom cert. I hope this won't be a major issue (seems like it shouldn't be) but I'd like to hear what your final result was with 8x8. cheers
8x8 does require the SSL certificate to be installed. I had 25 devices, all with no SSL certificate. We ended up re-buying 25 phones but 8x8 was nice enough to buy back our old phones as well.
I haved used hostedi.am to provisionined all the the polycom legacy phone and the new VVX models with no problems also provisionig the buttons on the units are very easy although they only support BLF, Monitor,speed dial and pickup with 1 button you can add a variety of combinations. If you provisioning the polycom phones in the LAN it becomes even more easier using this method http://vodia.com/documentation/pnp_lan_prov
overall I have become a big Polycom supporter beacuse of the ability to provisioning these phones old and new with Vodia PBX especially now that Polycom has added the firmware upgrade capability in the GUI of the phone, Great feature!
Keep up the good work!