Solved: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

nbrophy · ‎03-23-2012

Hey all,

I am haveing some trouble provisioning my Polycom IP650 via https.

I have gone through the instructions for mutual TLS provisioning for IIS6 and made a couple of modifcations for IIS7.5 but no joy.

I have looked at as many posts as I can find but any people who seem to have similar problems have no resolution.

I'll try to give as much info about the setup and problem here but ANY help or information is greatly appreciated.

Anyway here goes:

IIS7.5 configured to use digest authentication and https (If I configure this to run over http the phone will pull the config but not over https)

Polycom certificate install on server and set to trusted root CA - I would be happy to just use digest authentication and not client certificate so site is set to "accept client certificate" and not "require".

The certificate we are using is geotrust equifax and as per the manual it should be accepted.

In case it is not I downloaded the root CA cert to the phone directly but still not working.

To confirm the SSL site is working I can do 2 things, browse to it via web browser and enter credentials or use CURL to download a sample file, both of these work perfectly.

At the moment I am unable to to use WGET but because CURL works with --digest switch I think this is issue with WGET and not my misuse.

Using wireshark I can see the phone try to communicate but no data actually gets sent, just a loop of client helo, server helo and key exchange.

Any help at this point would be greatly appreciated and if anyone needs more info please let me know.

Oh and also just updated to latest SIP and boot rom and still not working :)

SteffenBaierUK · ‎03-28-2012

Hello nbrophy,

Polycom UCS / SIP Software does currently not support wildcard certificates.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

SteffenBaierUK · ‎03-23-2012

Hello Nbrophy,

welcome to the Polycom Community.

I would suggest to use syslog to troubleshoot and set the Log Level for CURL and Copy Utilities to a Event 2 Level and try the provisioning again.

Check the log against the SSL authentication.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

nbrophy · ‎03-23-2012

Steffen,

Thanks for the prompt reply, does the phone support snmp or is it syslog only.

Currently have nothing for syslog in our environment, could you reccomend a lightweight app might would suit?

Thanks again,

Nick

SteffenBaierUK · ‎03-23-2012

Hello Nick,

I personally use 3CDaemon which was developed by 3CX but I am unsure how easy you can find this.

Any simple syslog app should do and we do not support SNMP.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

nbrophy · ‎03-23-2012

Thanks Steffen,

I'll give a look for it, in the mean time if you think of anything else that might be causing it not to communicate I would appreciate it if you let me know.

I have a feeling it has to do with the certificate but only because it works fine without it.

Once I get a syslog app up and running i'll share results here.

Thanks again,

Nick

nbrophy · ‎03-28-2012

Steffen,

Thanks for your advice last week, i think I am close to a solution now and I was wondering if you could help me confirm.

Please see the output from phone syslog below:

SSL: certificate subject name '*.ourcompanyname.com' does not match target host name 'prov. ourcompanyname .com'

Do you know if the phones support wildcard certificates?

SteffenBaierUK · ‎03-28-2012

Hello nbrophy,

Polycom UCS / SIP Software does currently not support wildcard certificates.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

nbrophy · ‎03-28-2012

Thanks for the quick reply Steffen.

At least now we know the problem.

Thanks,

Nick

HTTPS Provisioning with IIS7.5 and Polycom IP650 -

HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -

Re: HTTPS Provisioning with IIS7.5 and Polycom IP650 -