-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Poly Phones
- Desk and IP Conference Phones
- Re: SoundStation IP 6000 on OSV V6 via TLS + custom certific...
Create an account on the HP Community to personalize your profile and ask a question
01-31-2013 03:22 AM
Hi all,
I am currently trying to register a Polycom SoundStation IP 6000 at an OpenScape Voice V6 via TLS + certificates.
This is my current result:
0131104645|sip |4|03|Server certificate verification failed, Untrusted Cetificate 0131104645|sip |4|03|MakeTlsConnection: SSL_connect error 1 0131104645|sip |4|03|MakeTlsConnection: connection failed error -1
MAC-phone.cfg (some information redacted) :
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!-- Application SIP Mink 4.0.1.13681 29-Nov-11 17:51 --> <!-- Created 31-01-2013 10:04 --> <PHONE_CONFIG> <OVERRIDES device.auth.localAdminPassword="[Password]" device.auth.localAdminPassword.set="1" device.set="1" tcpIpApp.sntp.address="[SNTP IP Address]" tcpIpApp.sntp.gmtOffset="3600" reg.1.address="[e.164 phone number]" reg.1.auth.password="[password]" reg.1.auth.userId="[e.164 phone number]" reg.1.label="[e.164 phone number]" sec.TLS.customDeviceCert.1="-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----" sec.TLS.customDeviceKey.1="-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----" sec.TLS.profile.1.deviceCert="Application1" reg.1.server.1.address="[SIP-Registrar IP]" sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY----- " /> </PHONE_CONFIG>
TLS configuration from web GUI:
I set the OSV root certificate as Application CA 1 and the client certificate as Application Credential 1. Both were accepted as valid by the SoundStation.
Assigned both certificates a profile and set SIP to the pofile. I disabled Common Name Validation.
I already consulted the Polycom-SEN test protocols concerning IP6000 on OSV but it was somewhat vague which items you have to configure.
"Change the OpenScape Voice subscriber settings so that
Digest Authentication is required for the
registration. Verify that the phone does not register."
"Add the information for Digest Authentication to the
test phone settings via web GUI and verify that the
phone registers."
Doesn't really tell me what has to be done.
I am able to trace that both the SoundStation and the OSV try to exchange certificates but for some reason it fails.
Any help or ideas as to why that might be are very welcome.
Thank you
Solved! Go to Solution.
Accepted Solutions
01-31-2013 07:59 AM
Hello,
the comment was meant if copy&pasting into a configuration file.
A correct Cert will have the correct supported formatting.
Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.
Best regards
Steffen Baier
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.
Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
01-31-2013 05:20 AM
Hello tmmVoice,
I would suggest you set CURL and TLS both to a log level 3 and check the Log files.
It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).
Have a look => here <= for an 802.1x example
Best Regards
Steffen Baier
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.
Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
01-31-2013 07:29 AM
Thanks for your reply.
It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).
As far as I know, .pem files(which I use) are expected to contain LFs. Do these count towards this restriction?
When I remove the line breaks from the sec.tls.customDeviceCert.1 value in the configuration file the device does not recognise the value.
01-31-2013 07:59 AM
Hello,
the comment was meant if copy&pasting into a configuration file.
A correct Cert will have the correct supported formatting.
Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.
Best regards
Steffen Baier
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.
Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
Didn't find what you were looking for? Ask the community