• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hey all,

 

 

I am haveing some trouble provisioning my Polycom IP650 via https.

I have gone through the instructions for mutual TLS provisioning for IIS6 and made a couple of modifcations for IIS7.5 but no joy.

 

I have looked at as many posts as I can find but any people who seem to have similar problems have no resolution.

I'll try to give as much info about the setup and problem here but ANY help or information is greatly appreciated.

 

Anyway here goes:

IIS7.5 configured to use digest authentication and https (If I configure this to run over http the phone will pull the config but not over https)

Polycom certificate install on server and set to trusted root CA - I would be happy to just use digest authentication and not client certificate so site is set to "accept client certificate" and not "require".

 

The certificate we are using is geotrust equifax and as per the manual it should be accepted.

In case it is not I downloaded the root CA cert to the phone directly but still not working.

 

To confirm the SSL site is working I can do 2 things, browse to it via web browser and enter credentials or use CURL to download a sample file, both of these work perfectly.

At the moment I am unable to to use WGET but because CURL works with --digest switch I think this is issue with WGET and not my misuse.

 

Using wireshark I can see  the phone try to communicate but no data actually gets sent, just a loop of client helo, server helo and key exchange.

 

Any help at this point would be greatly appreciated and if anyone needs more info please let me know.

 

 

 

Oh and also just updated to latest SIP and boot rom and still not working 🙂

 

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hello nbrophy,

 

Polycom UCS / SIP Software does currently not support wildcard certificates.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

View solution in original post

7 REPLIES 7
HP Recommended

Hello Nbrophy,

 

welcome to the Polycom Community.

 

I would suggest to use syslog to troubleshoot and set the Log Level for CURL and Copy Utilities to a Event 2 Level and try the provisioning again.

 

Check the log against the SSL authentication.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Steffen,

 

Thanks for the prompt reply, does the phone support snmp or is it syslog only.

Currently have nothing for syslog in our environment, could you reccomend a lightweight app might would suit?

 

Thanks again,

Nick 

HP Recommended

Hello Nick,

 

I personally use 3CDaemon which was developed by 3CX but I am unsure how easy you can find this.

 

Any simple syslog app should do and we do not support SNMP.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks Steffen,

 

I'll give a look for it, in the mean time if you think of anything else that might be causing it not to communicate I would appreciate it if you let me know.

I have a feeling it has to do with the certificate but only because it works fine without it.

Once I get a syslog app up and running i'll share results here.

 

Thanks again,

Nick 

HP Recommended

Steffen,

 

Thanks for your advice last week, i think I am close to a solution now and I was wondering if you could help me confirm.

 

Please see the output from phone syslog below:

 

SSL: certificate subject name '*.ourcompanyname.com' does not match target host name 'prov. ourcompanyname .com'

 

Do you know if the phones support wildcard certificates? 

 

HP Recommended

Hello nbrophy,

 

Polycom UCS / SIP Software does currently not support wildcard certificates.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks for the quick reply Steffen.

At least now we know the problem.

 

Thanks,

Nick 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.