• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hi all,

 

I am currently trying to register a Polycom SoundStation IP 6000 at an OpenScape Voice V6 via TLS + certificates.

 

This is my current result:

0131104645|sip  |4|03|Server certificate verification failed, Untrusted Cetificate
0131104645|sip  |4|03|MakeTlsConnection: SSL_connect error 1
0131104645|sip  |4|03|MakeTlsConnection: connection failed error -1

 

MAC-phone.cfg (some information redacted) :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Application SIP Mink 4.0.1.13681 29-Nov-11 17:51 -->
<!-- Created 31-01-2013 10:04 -->
<PHONE_CONFIG>
	<OVERRIDES
		device.auth.localAdminPassword="[Password]"
		device.auth.localAdminPassword.set="1"
		device.set="1"
		tcpIpApp.sntp.address="[SNTP IP Address]"
		tcpIpApp.sntp.gmtOffset="3600"
		reg.1.address="[e.164 phone number]"
		reg.1.auth.password="[password]"
		reg.1.auth.userId="[e.164 phone number]"
		reg.1.label="[e.164 phone number]"
		sec.TLS.customDeviceCert.1="-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----"
		sec.TLS.customDeviceKey.1="-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----"
		sec.TLS.profile.1.deviceCert="Application1"
		reg.1.server.1.address="[SIP-Registrar IP]"
		sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
"
	/>
</PHONE_CONFIG>

 

TLS configuration from web GUI:

 

 

 

I set the OSV root certificate as Application CA 1 and the client certificate as Application Credential 1. Both were accepted as valid by the SoundStation.

Assigned both certificates a profile and set SIP to the pofile. I disabled Common Name Validation.

 

 

 

I already consulted the Polycom-SEN test protocols concerning IP6000 on OSV but it was somewhat vague which items you have to configure.

"Change the OpenScape Voice subscriber settings so that

Digest Authentication is required for the

registration. Verify that the phone does not register."

"Add the information for Digest Authentication to the

test phone settings via web GUI and verify that the

phone registers."

Doesn't really tell me what has to be done.

 

I am able to trace that both the SoundStation and the OSV try to exchange certificates but for some reason it fails.

 

Any help or ideas as to why that might be are very welcome.

 

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hello,

 

the comment was meant if copy&pasting into a configuration file.

 

A correct Cert will have the correct supported formatting.

 

Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.

 

Best regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

View solution in original post

3 REPLIES 3
HP Recommended

Hello tmmVoice,

 

I would suggest you set CURL and TLS both to a log level 3 and check the Log files.

 

It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).

 

Have a look => here <= for an 802.1x example

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thanks for your reply.

 

 

It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).

 

As far as I know, .pem files(which I use) are expected to contain LFs. Do these count towards this restriction?

When I remove the line breaks from the sec.tls.customDeviceCert.1 value in the configuration file the device does not recognise the value.

HP Recommended

Hello,

 

the comment was meant if copy&pasting into a configuration file.

 

A correct Cert will have the correct supported formatting.

 

Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.

 

Best regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.