Plantronics + Polycom. Now together as Poly Logo

Polycom VVX TLS Configuration Guide with Acme Packet SBC

SOLVED
Advisor

Polycom VVX TLS Configuration Guide with Acme Packet SBC

Does anyone have a guide detailing the configurations steps required to enable TLS on VVX handsets registering to the Acme Packet SBC. I already completed the neccessary TLS configurations in the SBC however need to guidance with adding the same in the Polycoms.

 

Thanks

Message 1 of 8
7 REPLIES 7
Polycom Employee & Community Manager

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

welcome back to the Polycom Community.

The community's VoIP FAQ contains this post here:

Apr 17, 2013 QuestionHow can I setup a TLS connection for SIP signaling and / or troubleshoot this?

Resolution: Please check => here <=

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 8
Advisor

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Thanks for the feedback. Is there a configuration file parameter that I can use to insert the path of the certifcate.pem file instead on manually setting this in the web ui of the phone.

 

Thanks

Message 3 of 8
Polycom Employee & Community Manager

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

You can either set a path in the Web UI or use a cfg file from a configuration including the cert.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 8
Advisor

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

I created a .cfg configuration file with the below details however the phone is failing at the TLS handshake with the SBC. Please help!

 

configuration file sample

 

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!-- Generated reg-basic.cfg Configuration File -->
<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">
<DEVICE_SETTINGS
device.set="1"
device.sec.TLS.customCaCert1.set="1"
device.sec.TLS.customCaCert1="CA PUBLIC KEY COPIED HERE"
/>
</polycomConfig>

 

 

In the log file of the phone I am seeing the errors

 

 

1116071750|sip |4|00|MakeTlsConnection: connection failed error -1
1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Lync Special Interop is disabled.
1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Exiting from certificate fetch procedure.
1116071835|sip |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=19
1116071835|sip |4|00|MakeTlsConnection: SSL_connect error 1
1116071835|sip |4|00|MakeTlsConnection: connection failed error -1
 

In wireshark the phone final response to the handshake is - Alert (Level: Fatal, Description: Unknown  CA) 

Message 5 of 8
Advisor

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

I should also note that we are currently using an in-house CA for testing.

 

Thanks

 

Regards

JM

Message 6 of 8
Polycom Employee & Community Manager

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

 

We do not even know your currently used software version yet.

The community's VoIP FAQ contains this post here:

Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=

 

In addition the logs do not show any details yet.

 

  • Settings > Logging > Global Log Level Limit > Debug
  • Settings > Logging > Module Log Level Limits > SIP > Debug
  • Settings > Logging > Module Log Level Limits > TLS > Debug
  • Settings > Logging > Module Log Level Limits > CURL > Debug

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 7 of 8
Advisor

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Thanks for the feedback, I was able to successfully have tls working with the information provided here.

Message 8 of 8