[UPDATE] Update to ZTP Certificates Technical Notification 117101
This technical notification provides important information regarding certificate changes to be made to the Polycom Zero Touch Provisioning (ZTP) system, due to be implemented in the first half of 2016
The above was actioned on the 21/June/2016
As of January 2016, support for new SHA-1 certificates will be ended, and all certificate authorities will cease to issue SHA-1 based certificates. Existing SHA-1 certificates will remain valid until their expiration date, but no new SHA-1 certificates will be issued. All users of SHA-1 certificates will be expected to migrate to SHA-2 to ensure that no interruption to service is seen due to expiring certificates.
All Polycom phones that are registered with the Zero Touch Provisioning (ZTP) system currently make use of a SHA-1 certificate when establishing authentication between the phone and ZTP server. All Polycom phones shipped from the factory include the appropriate certificate for ZTP authentication. However, in the event of a certificate mismatch, the phone will not be authenticated and the ZTP service will not provide redirection information. This will be the case if even if the MAC address of the phone has successfully been stored within the ZTP system.
It is Polycom's intent to migrate the ZTP system to use SHA-2 certificates to support authentication. The timing of this change and potential impacts to the ZTP service is the subject of this Technical Notification.
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels. Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's