• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi,

 

I run a custom provisioning server and trying to provision VVX350 phones with firmware 6.4.1.2280

 

The initial provisioning works fine :

- factory reset

- manually enter provisioning information via web interface

 

Then the next provisioning attempts will all fail :

SSL_connect error Peer certificate cannot be authenticated with known CA certificates.
SSL certificate problem, verify that the CA cert is OK.
Details:error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

 

My server uses a valid letsencript certificate and CA is ISRG Root X1.

The phones also have this CA certificate ... twice :

8210CFB0D240E3594463E0BB63828B00 ISRG Root X1 ISRG Root X1 Jun 4 11:04:38 2015 GMT Jun 4 11:04:38 2035 GMT Certificate Sign, CRL Sign CA:TRUE 
5D938D306736C8061D1AC754846907 ISRG Root X1 ISRG Root X1 Oct 29 15:59:56 2008 GMT Jan 1 00:00:00 2030 GMT Certificate Sign, CRL Sign CA:TRUE

 

So why does the initial provisioning works and not the others ?

Is the duplicate certificate in the phone causing this issue ?

 

Thanks for your help.

 

Geoffroy

6 REPLIES 6
HP Recommended

Hello @Off-IT ,

 

Welcome to the Poly Community.

Both the communities Must Read First or Read 1st and if available the FAQ reference the basic minimum information a new or follow up post should contain.

This ensures the questions having to be asked are limited and any new or follow up post contains the right amount of details to ensure any voluntary participant within the community does not spend additional time chasing basic information.


Unfortunately, your post fell a bit short of the above-explained requirements and we kindly ask you, therefore, to ensure to read these sections and ensure a reply (not Edit!) provides as much detail as possible.

 

What do you mean by initial provisioning? Is this using FTPs or HTTPs? 

 

It would be great for volunteers if you could share a backup and/or logs or if this is urgent work with Poly support directly.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

 

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

The provisioning is using HTTPs.

 

I noticed that letsencript uses an intermediate certificate : R3.

https://letsencrypt.org/certificates/

 

This R3 certificate does not appear on the phone certificates list.

 

 

HP Recommended

Hello @Off-IT ,

 

Welcome back to the Poly Community.

 

Again not a lot for the volunteers to help you with as the included certificates in the software should be able to use the intermediate cert used in this case.

 

Again without logs and/or a backup not much we can do and the next step is a support ticket.

 

If the unit is out of warranty please work with the Poly reseller who sold the phones as they can charge you for PPI/Pay Per Incident support.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

 

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Hi,

 

Thanks for your reply, I understand that you need a bit more information. Here a the logs :

 

1224103426|cfg  |*|00|Prov|Starting to provision
1224103427|copy |4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
1224103427|copy |4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
1224103427|cfg  |4|00|Prov|Download of master configuration file failed
1224103427|cfg  |4|00|Prov|Trying to boot from existing configuration
1224103427|cfg  |4|00|Prov|Update configuration failed
1224103427|cfg  |4|00|Prov|Not setting device parameters since configuration was not updated.

 

Regards

 

Geoffroy

HP Recommended

Hello @Off-IT ,

 

again you are not providing everything and/or changing the logging to some useful log levels.

 

https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-How-can-I-setup-my-Phone-Provisioning-Download-...

 

The above discussed HTTPS provisioning and has some logging suggestions for logs.

 

Please utilize these and/or move forward as already explained and work with the Poly reseller who sold the phones as they can charge you for PPI/Pay Per Incident support.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

 

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Hello @Off-IT 

 

if not already done so please open a ticket and reference 33922529 as a similar ticket.

 

As a workaround please use this configuration:

 

<PLATCA
	device.set="1"
	device.sec.TLS.customCaCert1.set="1"
	device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----"
	device.sec.TLS.profile.caCertList1.set="1"
	device.sec.TLS.profile.caCertList1="Platform1"
/>

 

 

Best regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.