Plantronics + Polycom. Now together as Poly Logo

SoundStation IP 6000 on OSV V6 via TLS + custom certificates

SOLVED
Highlighted
Occasional Contributor

SoundStation IP 6000 on OSV V6 via TLS + custom certificates

Hi all,

 

I am currently trying to register a Polycom SoundStation IP 6000 at an OpenScape Voice V6 via TLS + certificates.

 

This is my current result:

0131104645|sip  |4|03|Server certificate verification failed, Untrusted Cetificate
0131104645|sip  |4|03|MakeTlsConnection: SSL_connect error 1
0131104645|sip  |4|03|MakeTlsConnection: connection failed error -1

 

MAC-phone.cfg (some information redacted) :

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Application SIP Mink 4.0.1.13681 29-Nov-11 17:51 -->
<!-- Created 31-01-2013 10:04 -->
<PHONE_CONFIG>
	<OVERRIDES
		device.auth.localAdminPassword="[Password]"
		device.auth.localAdminPassword.set="1"
		device.set="1"
		tcpIpApp.sntp.address="[SNTP IP Address]"
		tcpIpApp.sntp.gmtOffset="3600"
		reg.1.address="[e.164 phone number]"
		reg.1.auth.password="[password]"
		reg.1.auth.userId="[e.164 phone number]"
		reg.1.label="[e.164 phone number]"
		sec.TLS.customDeviceCert.1="-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----"
		sec.TLS.customDeviceKey.1="-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----"
		sec.TLS.profile.1.deviceCert="Application1"
		reg.1.server.1.address="[SIP-Registrar IP]"
		sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
"
	/>
</PHONE_CONFIG>

 

TLS configuration from web GUI:

 

 

 

I set the OSV root certificate as Application CA 1 and the client certificate as Application Credential 1. Both were accepted as valid by the SoundStation.

Assigned both certificates a profile and set SIP to the pofile. I disabled Common Name Validation.

 

 

 

I already consulted the Polycom-SEN test protocols concerning IP6000 on OSV but it was somewhat vague which items you have to configure.

"Change the OpenScape Voice subscriber settings so that

Digest Authentication is required for the

registration. Verify that the phone does not register."

"Add the information for Digest Authentication to the

test phone settings via web GUI and verify that the

phone registers."

Doesn't really tell me what has to be done.

 

I am able to trace that both the SoundStation and the OSV try to exchange certificates but for some reason it fails.

 

Any help or ideas as to why that might be are very welcome.

 

Thank you

Message 1 of 4
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Polycom Employee & Community Manager

Re: SoundStation IP 6000 on OSV V6 via TLS + custom certificates

Hello,

 

the comment was meant if copy&pasting into a configuration file.

 

A correct Cert will have the correct supported formatting.

 

Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.

 

Best regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 4 of 4
3 REPLIES 3
Highlighted
Polycom Employee & Community Manager

Re: SoundStation IP 6000 on OSV V6 via TLS + custom certificates

Hello tmmVoice,

 

I would suggest you set CURL and TLS both to a log level 3 and check the Log files.

 

It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).

 

Have a look => here <= for an 802.1x example

 

Best Regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 4
Occasional Contributor

Re: SoundStation IP 6000 on OSV V6 via TLS + custom certificates

Thanks for your reply.

 

 

It is important that the certificate does not contain any carriage return (CR) or line feeds (LF).

 

As far as I know, .pem files(which I use) are expected to contain LFs. Do these count towards this restriction?

When I remove the line breaks from the sec.tls.customDeviceCert.1 value in the configuration file the device does not recognise the value.

Message 3 of 4
Highlighted
Polycom Employee & Community Manager

Re: SoundStation IP 6000 on OSV V6 via TLS + custom certificates

Hello,

 

the comment was meant if copy&pasting into a configuration file.

 

A correct Cert will have the correct supported formatting.

 

Your logs should show the issue and you may need to work with Siemens to get a ticket raised with Polycom.

 

Best regards

 

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 4 of 4