Plantronics + Polycom. Now together as Poly Logo

HTTPS Provisioning/Boot Server

Highlighted
Visitor

HTTPS Provisioning/Boot Server

Hi Guys

 

This is my first post and hope you can help.

 

I have setup a Windows 2008 server as a DC. I have also installed IIS and have setup a new site for HTTPS provisioning.

 

It is setup on port 80/443, with Basic Auth, however when the Polycom tries to connect I get 'could not contact boot server'

 

All permissions are correct, I can browse to it via IE. With Annonymous Auth enabled it works fine, but I notice in Wireshark that when the server sends back unauthorised the phone nevers then retries the GET with the Auth details.

 

Any help would be much appreciated.

 

Many Thanks

Message 1 of 11
10 REPLIES 10
Highlighted
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello edt8083,

 

welcome to the Polycom Community.

 

It would be helpful if your could specify the Phone Type, the SIP / UC Software Version and the BootROM Version of the Phone in question in order for someone to help you.

 

Did you check the Mutual Transport Layer Security Provisioning Using Microsoft Internet Information Services 6.0 at the  Feature Descriptions & Technical Notifications Section on the Polycom Web Site?

 

Did you install a certificate on the Polycom Phone if you are not using a VeriSign?

 

The minimum requierements are:

 

  • • Polycom SIP application 3.2 or later for mutual TLS feature.
  • • Polycom bootROM 4.2.0 or later for MD5 digest HTTP authentication.
  • • Web server capable of mutual TLS (client certificate checking). (For the configuration example in this bulletin, IIS is used.)
  • • One of the following:
  • — HTTPS server certificate and root CA certificate if it is self signed.
  • or
  • — A certificate from VeriSign® or another well known root CA.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 11
Highlighted
Visitor

Re: HTTPS Provisioning/Boot Server

Hi Steffan

 

Thanks for the info, I have not had much luck already consulted the links you have suggested.

 

The phones I have tested with are 331 and 550

 

The SIP version is 3.2.3.1734

 

Bootrom 4.2.2.0710.

 

Have tried one website with a global sign verified cert, and a second with a custom cert, uploaded to the phone.

 

I dont think https is necessarily the issue, as even just using http I have the issue.

 

 

Thanks

Ed

Message 3 of 11
Highlighted
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Ed,

 

can you clarify this statement: "as even just using http I have the issue" ?

 

Can you not even provision the Phone via HTTP ? Do you have all the files coming with the SIP 3.2.3 Software unzipped to that directory?

 

You need to provide more details in order for the community to support you or work with your Reseller and/or Polycom Support.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 11
Highlighted
Visitor

Re: HTTPS Provisioning/Boot Server

Hi Steffan

 

Sorry if I wasnt clear.

 

I have a directory call phones. In this directory I have my SIP files(ld, cfg etc), I have my bootrom files(ld etc) I have MAC address files, I have lineport files. I have all the files from the same directory from another server that is setup as an FTP server.

 

so I am quite happy to say I have all the correct files, as when I provision using FTP it works quite happily.

 

Now with all of those in place on the new HTTP/HTTPS server, the phone is setup with server type HTTPS, with the correct URL, and username and password set. I have a custom cert loaded on to the phone. This does not work. When the phone tries to get the 3 initial files during the boot sequence, the phone fails to send another GET request with the auth details when it receives the initial 401 unauthorised message for the initial GET.

 

So even setting up the phone to look at provisioning via HTTP, I get the same issue. It is as though the phone does not recognise that it has the auth username and password set.

 

Hope that makes a bit more sense.

 

Thanks

Ed

Message 5 of 11
Highlighted
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Ed,

 

I would suggest to upgrade to at least SIP 3.2.5 or UCS 3.3.2 and BootROM 4.3.0

 

Then enable the phone to be able to log to FTP or Syslog so you can see what the Phone is doing.

 

Can you wget from another Linux machine to the server to see if you can get the files or if it is just a permission on the Web Server ..?

 

Can another PC browse to the 000000000000.cfg on the HTTP Server?

 

This Feature is working and has been tested so you may need to go via your reseller / Polycom as advised above.

 

Regards

 

Steffen Baier

 

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 6 of 11
Highlighted
Visitor

Re: HTTPS Provisioning/Boot Server

Hi,

I am done with http auto provisioning of polycom 335 phone using http server  successfully .

Now,I want to do the same for HTTPS,may i know the procedure about  auto provisioning of polycom 335 using HTTPS,the configuration files of HTTPS.

 

Thanks,

Alekhya.G

Message 7 of 11
Highlighted
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Alekhya.G,

welcome to the Polycom Community.

Our support page contains this post => here <=

 

This explains on page 40 how to use a Polycom certificate hosted at pki.polycom.com

 

The guide is a bit outdated as it only shows IIS 6.5 but should give you a good idea.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 8 of 11
Highlighted
Visitor

Re: HTTPS Provisioning/Boot Server

Helo,

 

I started learning asterisk last month ago..The file which u sended is very usefull,thankue

But iam working this provisioning on cent os (asterisk).May i know the procedure for auto provisioning of polycom 335 phone using HTTPS server

Thanks,

Alekhya.G

Message 9 of 11
Highlighted
Visitor

Re: HTTPS Provisioning/Boot Server

Hi,

Can i have reply from you?

 

Thanks,

Alekhya.G

Message 10 of 11