Plantronics + Polycom. Now together as Poly Logo

Using a custom certificate and private key for the integrated webserver?

Occasional Contributor

Using a custom certificate and private key for the integrated webserver?

Hi,

 

I have a VVX 601 phone with UC Software Version 6.1.0.6189. I have my own CA which creates private keys and certificates for the phones. I have installed the phone and CA certificate on the phone via the provisioning server with these settings:

device.sec.TLS.customCaCert1.set="1"
device.sec.TLS.customCaCert1="..."
device.sec.TLS.customDeviceCert1.set="1"
device.sec.TLS.customDeviceCert1.publicCert="..."
device.sec.TLS.customDeviceCert1.privateKey="..."
device.sec.TLS.profile.caCertList1="Platform1"
device.sec.TLS.profile.deviceCert1="Platform1"

It looks like this was successful as I can see the certificate info and fingerprint in the Advanced > TLS >... Menu on the phone and I don't see certificate error messages in the log of the phone when the config is provisioned.

 

I want to use the webserver integrated on the phone for pushing URLs and the REST API. But I'm struggling to make the integrated webserver on the phone use the custom certificate I uploaded.

 

I have seen options like "sec.TLS.profileSelection.browser" which allow to select a TLS profile for some applications. It looks to me like this is the way to configure the phone to use a specific profile and in turn certificate for specific applications.

But it seems like there is no config value like "sec.TLS.profileSelection.webServer" to select the certificate used for the web server.

 

So how do I change the certificate and private key used for the integrated webserver?

 

Thanks.

 

Message 1 of 2
1 REPLY 1
Occasional Contributor

Re: Using a custom certificate and private key for the integrated webserver?

I tried some more to get my custom certificate configured for use with the integrated webserver. Unfortunately I couldn't find a way to make it work yet.

 

I tried to not import a finished private key & certificate, but create a CSR and have that signed. I got the certificate installed, but still can't use it for the integrated webserver.

 

Attached are two screenshots from the web ui of the phone that show the problem in some more detail. The points marked with the red arrows are where I would expect an option to change the certificate somehow, but they are empty or static.

 

I would really appreciate some help in how to get my certificates activated for use with the integrated webserver.

 

Without being able to install certificates with the Common Name field matching the actual dns hostnames of the phones, I'd have to implement a complete custom TLS certificate check routine for the calls to the REST API and URL push in my programs and I'd really like to avoid that.