• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎10-25-2019 09:30 AM

HP Recommended

Hi,

 

I have a VVX 601 phone with UC Software Version 6.1.0.6189. I have my own CA which creates private keys and certificates for the phones. I have installed the phone and CA certificate on the phone via the provisioning server with these settings:

device.sec.TLS.customCaCert1.set="1"
device.sec.TLS.customCaCert1="..."
device.sec.TLS.customDeviceCert1.set="1"
device.sec.TLS.customDeviceCert1.publicCert="..."
device.sec.TLS.customDeviceCert1.privateKey="..."
device.sec.TLS.profile.caCertList1="Platform1"
device.sec.TLS.profile.deviceCert1="Platform1"

It looks like this was successful as I can see the certificate info and fingerprint in the Advanced > TLS >... Menu on the phone and I don't see certificate error messages in the log of the phone when the config is provisioned.

 

I want to use the webserver integrated on the phone for pushing URLs and the REST API. But I'm struggling to make the integrated webserver on the phone use the custom certificate I uploaded.

 

I have seen options like "sec.TLS.profileSelection.browser" which allow to select a TLS profile for some applications. It looks to me like this is the way to configure the phone to use a specific profile and in turn certificate for specific applications.

But it seems like there is no config value like "sec.TLS.profileSelection.webServer" to select the certificate used for the web server.

 

So how do I change the certificate and private key used for the integrated webserver?

 

Thanks.

 

1 REPLY 1

‎10-30-2019 04:21 AM

HP Recommended

I tried some more to get my custom certificate configured for use with the integrated webserver. Unfortunately I couldn't find a way to make it work yet.

 

I tried to not import a finished private key & certificate, but create a CSR and have that signed. I got the certificate installed, but still can't use it for the integrated webserver.

 

Attached are two screenshots from the web ui of the phone that show the problem in some more detail. The points marked with the red arrows are where I would expect an option to change the certificate somehow, but they are empty or static.

 

I would really appreciate some help in how to get my certificates activated for use with the integrated webserver.

 

Without being able to install certificates with the Common Name field matching the actual dns hostnames of the phones, I'd have to implement a complete custom TLS certificate check routine for the calls to the REST API and URL push in my programs and I'd really like to avoid that.

 

Was this reply helpful? Yes No
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.