Plantronics + Polycom. Now together as Poly Logo

HTTPS Provisioning with IIS7.5 and Polycom IP650 -

SOLVED
Occasional Advisor

HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Hey all,

 

 

I am haveing some trouble provisioning my Polycom IP650 via https.

I have gone through the instructions for mutual TLS provisioning for IIS6 and made a couple of modifcations for IIS7.5 but no joy.

 

I have looked at as many posts as I can find but any people who seem to have similar problems have no resolution.

I'll try to give as much info about the setup and problem here but ANY help or information is greatly appreciated.

 

Anyway here goes:

IIS7.5 configured to use digest authentication and https (If I configure this to run over http the phone will pull the config but not over https)

Polycom certificate install on server and set to trusted root CA - I would be happy to just use digest authentication and not client certificate so site is set to "accept client certificate" and not "require".

 

The certificate we are using is geotrust equifax and as per the manual it should be accepted.

In case it is not I downloaded the root CA cert to the phone directly but still not working.

 

To confirm the SSL site is working I can do 2 things, browse to it via web browser and enter credentials or use CURL to download a sample file, both of these work perfectly.

At the moment I am unable to to use WGET but because CURL works with --digest switch I think this is issue with WGET and not my misuse.

 

Using wireshark I can see  the phone try to communicate but no data actually gets sent, just a loop of client helo, server helo and key exchange.

 

Any help at this point would be greatly appreciated and if anyone needs more info please let me know.

 

 

 

Oh and also just updated to latest SIP and boot rom and still not working :)

 

Message 1 of 8
7 REPLIES 7
Polycom Employee & Community Manager

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Hello Nbrophy,

 

welcome to the Polycom Community.

 

I would suggest to use syslog to troubleshoot and set the Log Level for CURL and Copy Utilities to a Event 2 Level and try the provisioning again.

 

Check the log against the SSL authentication.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 8
Occasional Advisor

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Steffen,

 

Thanks for the prompt reply, does the phone support snmp or is it syslog only.

Currently have nothing for syslog in our environment, could you reccomend a lightweight app might would suit?

 

Thanks again,

Nick 

Message 3 of 8
Polycom Employee & Community Manager

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Hello Nick,

 

I personally use 3CDaemon which was developed by 3CX but I am unsure how easy you can find this.

 

Any simple syslog app should do and we do not support SNMP.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 8
Occasional Advisor

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Thanks Steffen,

 

I'll give a look for it, in the mean time if you think of anything else that might be causing it not to communicate I would appreciate it if you let me know.

I have a feeling it has to do with the certificate but only because it works fine without it.

Once I get a syslog app up and running i'll share results here.

 

Thanks again,

Nick 

Message 5 of 8
Occasional Advisor

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Steffen,

 

Thanks for your advice last week, i think I am close to a solution now and I was wondering if you could help me confirm.

 

Please see the output from phone syslog below:

 

SSL: certificate subject name '*.ourcompanyname.com' does not match target host name 'prov. ourcompanyname .com'

 

Do you know if the phones support wildcard certificates? 

 

Message 6 of 8
Polycom Employee & Community Manager

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Hello nbrophy,

 

Polycom UCS / SIP Software does currently not support wildcard certificates.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 7 of 8
Occasional Advisor

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Thanks for the quick reply Steffen.

At least now we know the problem.

 

Thanks,

Nick 

Message 8 of 8