Does anyone have a guide detailing the configurations steps required to enable TLS on VVX handsets registering to the Acme Packet SBC. I already completed the neccessary TLS configurations in the SBC however need to guidance with adding the same in the Polycoms.
Thanks
Solved! Go to Solution.
Hello Jam,
We do not even know your currently used software version yet.
The community's VoIP FAQ contains this post here:
Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=
In addition the logs do not show any details yet.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
Hello Jam,
welcome back to the Polycom Community.
The community's VoIP FAQ contains this post here:
Apr 17, 2013 Question: How can I setup a TLS connection for SIP signaling and / or troubleshoot this?
Resolution: Please check => here <=
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
Thanks for the feedback. Is there a configuration file parameter that I can use to insert the path of the certifcate.pem file instead on manually setting this in the web ui of the phone.
Thanks
Hello Jam,
You can either set a path in the Web UI or use a cfg file from a configuration including the cert.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
I created a .cfg configuration file with the below details however the phone is failing at the TLS handshake with the SBC. Please help!
configuration file sample
<?xml version="1.0" encoding="utf-8" standalone="yes"?> <!-- Generated reg-basic.cfg Configuration File --> <polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd"> <DEVICE_SETTINGS device.set="1" device.sec.TLS.customCaCert1.set="1" device.sec.TLS.customCaCert1="CA PUBLIC KEY COPIED HERE" /> </polycomConfig>
In the log file of the phone I am seeing the errors
1116071750|sip |4|00|MakeTlsConnection: connection failed error -1 1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Lync Special Interop is disabled. 1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Exiting from certificate fetch procedure. 1116071835|sip |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=19 1116071835|sip |4|00|MakeTlsConnection: SSL_connect error 1 1116071835|sip |4|00|MakeTlsConnection: connection failed error -1
In wireshark the phone final response to the handshake is - Alert (Level: Fatal, Description: Unknown CA)
I should also note that we are currently using an in-house CA for testing.
Thanks
Regards
JM
Hello Jam,
We do not even know your currently used software version yet.
The community's VoIP FAQ contains this post here:
Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=
In addition the logs do not show any details yet.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
Thanks for the feedback, I was able to successfully have tls working with the information provided here.