Plantronics + Polycom. Now together as Poly Logo

Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Polycom VVX TLS Configuration Guide with Acme Packet SBC

SOLVED
Go to solution
jam
Advisor
‎10-31-2016 11:34 AM
‎10-31-2016 11:34 AM

Polycom VVX TLS Configuration Guide with Acme Packet SBC

Does anyone have a guide detailing the configurations steps required to enable TLS on VVX handsets registering to the Acme Packet SBC. I already completed the neccessary TLS configurations in the SBC however need to guidance with adding the same in the Polycoms.

 

Thanks

Message 1 of 8
0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎11-16-2016 05:12 AM
‎11-16-2016 05:12 AM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

 

We do not even know your currently used software version yet.

The community's VoIP FAQ contains this post here:

Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=

 

In addition the logs do not show any details yet.

 

  • Settings > Logging > Global Log Level Limit > Debug
  • Settings > Logging > Module Log Level Limits > SIP > Debug
  • Settings > Logging > Module Log Level Limits > TLS > Debug
  • Settings > Logging > Module Log Level Limits > CURL > Debug

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 7 of 8
0 Kudos
Reply
7 REPLIES 7
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎10-31-2016 12:39 PM
‎10-31-2016 12:39 PM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

welcome back to the Polycom Community.

The community's VoIP FAQ contains this post here:

Apr 17, 2013 QuestionHow can I setup a TLS connection for SIP signaling and / or troubleshoot this?

Resolution: Please check => here <=

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 8
0 Kudos
Reply
jam
Advisor
‎10-31-2016 12:52 PM
‎10-31-2016 12:52 PM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Thanks for the feedback. Is there a configuration file parameter that I can use to insert the path of the certifcate.pem file instead on manually setting this in the web ui of the phone.

 

Thanks

Message 3 of 8
0 Kudos
Reply
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎10-31-2016 12:53 PM
‎10-31-2016 12:53 PM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

You can either set a path in the Web UI or use a cfg file from a configuration including the cert.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 8
0 Kudos
Reply
jam
Advisor
‎11-16-2016 04:57 AM
‎11-16-2016 04:57 AM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

I created a .cfg configuration file with the below details however the phone is failing at the TLS handshake with the SBC. Please help!

 

configuration file sample

 

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<!-- Generated reg-basic.cfg Configuration File -->
<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">
<DEVICE_SETTINGS
device.set="1"
device.sec.TLS.customCaCert1.set="1"
device.sec.TLS.customCaCert1="CA PUBLIC KEY COPIED HERE"
/>
</polycomConfig>

 

 

In the log file of the phone I am seeing the errors

 

 

1116071750|sip |4|00|MakeTlsConnection: connection failed error -1
1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Lync Special Interop is disabled.
1116071750|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Exiting from certificate fetch procedure.
1116071835|sip |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=19
1116071835|sip |4|00|MakeTlsConnection: SSL_connect error 1
1116071835|sip |4|00|MakeTlsConnection: connection failed error -1
 

In wireshark the phone final response to the handshake is - Alert (Level: Fatal, Description: Unknown  CA) 

Message 5 of 8
0 Kudos
Reply
jam
Advisor
‎11-16-2016 04:58 AM
‎11-16-2016 04:58 AM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

I should also note that we are currently using an in-house CA for testing.

 

Thanks

 

Regards

JM

Message 6 of 8
0 Kudos
Reply
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎11-16-2016 05:12 AM
‎11-16-2016 05:12 AM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Hello Jam,

 

We do not even know your currently used software version yet.

The community's VoIP FAQ contains this post here:

Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=

 

In addition the logs do not show any details yet.

 

  • Settings > Logging > Global Log Level Limit > Debug
  • Settings > Logging > Module Log Level Limits > SIP > Debug
  • Settings > Logging > Module Log Level Limits > TLS > Debug
  • Settings > Logging > Module Log Level Limits > CURL > Debug

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 7 of 8
0 Kudos
Reply
jam
Advisor
‎12-12-2016 01:26 PM
‎12-12-2016 01:26 PM

Re: Polycom VVX TLS Configuration Guide with Acme Packet SBC

Thanks for the feedback, I was able to successfully have tls working with the information provided here.

Message 8 of 8
0 Kudos
Reply