• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi

 

Is there a way to check or extract a phones root certificate at all?  We are getting a large number of phones that are failing SSL/TLS handshakes with the provisioning server and wanted to check if there is any way to validate the certificates on the phone?

 

Is the phones certificate the same as when you log into the web browser or does it use more than one certificate?

 

Any help with this would be really appreciated.  Phones are multiple models of VVX's UC Software Version 4.1.5.3284 BootROM Software Version 5.1.5.3810

 

Sample log:

 

143: 2014-01-31 14:28:53:  
|4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
144: 2014-01-31 14:28:53:   
|*|00|Prov|Starting to update 4.1.5.sip.ld
145: 2014-01-31 14:28:54:  
|4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
146: 2014-01-31 14:28:55:   
|4|00|Prov|Some configuration files could not be obtained, reverting to previous config
149: 2014-01-31 14:28:57:  
|4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
150: 2014-01-31 14:28:57:  
|4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:#012error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
151: 2014-01-31 14:28:57:   
|4|00|Prov|Not setting device parameters since configuration was not updated.

 

Cheers

 

Dave

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hello Dave,

The phone trusts a whole lot of certificate authorities by default. These are detailed in the Trusted Certificate Authority List within the matching Admin Guide.

 

In addition Polycom provides a Certificate that can be placed on a server.

 

This X.509 digital certificate is signed by the Polycom Root CA and may be used by a server to authenticate the phone when initiating Transport Layer Security (TLS) communications such as those used for HTTPS provisioning and TLS SIP signaling encryption.

 

The Polycom Root CA can be downloaded from http://pki.polycom.com/pki. The X.509 digital certificates are set to expire on March 9, 2044.

 

You can also import a certificate into the phone. For more details please check the Technical Bulletin 52609 which can be found in the Feature Descriptions & Technical Notifications Section on the Polycom Web Site.

 

Once a certificate has been imported you can export the configuration to check this. There is no way to export any other built in certificates.

 

For more details please work with your Polycom sales engineer.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

View solution in original post

5 REPLIES 5
HP Recommended

Hello Dave,

The phone trusts a whole lot of certificate authorities by default. These are detailed in the Trusted Certificate Authority List within the matching Admin Guide.

 

In addition Polycom provides a Certificate that can be placed on a server.

 

This X.509 digital certificate is signed by the Polycom Root CA and may be used by a server to authenticate the phone when initiating Transport Layer Security (TLS) communications such as those used for HTTPS provisioning and TLS SIP signaling encryption.

 

The Polycom Root CA can be downloaded from http://pki.polycom.com/pki. The X.509 digital certificates are set to expire on March 9, 2044.

 

You can also import a certificate into the phone. For more details please check the Technical Bulletin 52609 which can be found in the Feature Descriptions & Technical Notifications Section on the Polycom Web Site.

 

Once a certificate has been imported you can export the configuration to check this. There is no way to export any other built in certificates.

 

For more details please work with your Polycom sales engineer.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks for all the help Steffen

HP Recommended

The link to your certificates is broken.  Can you provide the new location?

HP Recommended

Hello @rnaimon ,

 

welcome to the Poly Community.

 

The link without the "." at the end should work

 

http://pki.polycom.com/pki

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended
It is still giving me a 404 error.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.