Plantronics + Polycom. Now together as Poly Logo

VVX-250 rejecting CA certificate chain

SOLVED
Highlighted
Occasional Contributor

VVX-250 rejecting CA certificate chain

Hello;

I have VVX phones (purchased through a**zon.com, so not supported)

 

My VIOP Provider is using metaswitch, and when I purchased and set up these phones, ZTP worked fine and I could update configurations and Provision new phones. Sometime in May, ZTP started failing because my phones were rejecting the CA cert or chain.

here is a snip of the log from my phone, can anyone make sense of this: [SCRUBBED DATA in Brackets]

 

0624143042|curl |3|00|Connected to [myprovider.tftpserver.com] ([XXX.XXX.XXX.XXX]) port 443 (#0)
0624143042|curl |3|00|successfully set certificate verify locations:
0624143042|curl |3|00| CAfile: /ffs0/ca1.crt
CApath: none
0624143042|curl |3|00|SSLv3, TLS Unknown, Unknown (22):
0624143042|curl |0|00|SSL DATA_OUT: Data of len 5 not displayed
0624143042|curl |3|00|SSLv3, TLS handshake, Client hello (1):
0624143042|curl |0|00|SSL DATA_OUT: Data of len 212 not displayed
0624143042|curl |3|00|SSLv2, Unknown (22):
0624143042|curl |0|00|SSL DATA_IN: Data of len 5 not displayed
0624143042|curl |3|00|SSLv3, TLS handshake, Server hello (2):
0624143042|curl |0|00|SSL DATA_IN: Data of len 66 not displayed
0624143042|curl |3|00|SSLv2, Unknown (22):
0624143042|curl |0|00|SSL DATA_IN: Data of len 5 not displayed
0624143042|curl |3|00|SSLv3, TLS handshake, CERT (11):
0624143042|curl |0|00|SSL DATA_IN: Data of len 4779 not displayed
0624143042|curl |3|00|SSLv2, Unknown (21):
0624143042|curl |0|00|SSL DATA_OUT: Data of len 5 not displayed
0624143042|curl |3|00|SSLv3, TLS alert, Server hello (2):
0624143042|curl |0|00|SSL DATA_OUT: Data of len 2 not displayed
0624143042|curl |3|00|SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Message 1 of 2
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Polycom Employee & Community Manager

Re: VVX-250 rejecting CA certificate chain

Hello @Unk0wn1 ,

Your post ended up in the Spam Filter so I moved this here. Please ensure to use Code Tags when posting logs as explained >here<

 

In addition, as explained >here<:

 

  • In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

    End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here

    If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

 

The shared logs and the levels used do not show much information but historically the only certificate that expired in May 2020 was the built-in AddTrust/Sectigo.

 

We discussed this >here< and >here< and >here<

 

I have attached a configuration that you can download, unzip and import via the Web Interface Utilities > Import & Export Configuration > Import Configuration


Best Regards

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

1 REPLY 1
Highlighted
Polycom Employee & Community Manager

Re: VVX-250 rejecting CA certificate chain

Hello @Unk0wn1 ,

Your post ended up in the Spam Filter so I moved this here. Please ensure to use Code Tags when posting logs as explained >here<

 

In addition, as explained >here<:

 

  • In order to raise a support ticket, you need to work with your Poly reseller as they may need to do this for you.

    End Customers are usually unable to open a ticket directly with Poly support. Available End User Poly services offerings are detailed here

    If this is some sort of an Internet discounter providing your MAC address or your Poly devices serial will enable us to look up who would be able to support you. This may not be who you purchased the Poly device from.

 

The shared logs and the levels used do not show much information but historically the only certificate that expired in May 2020 was the built-in AddTrust/Sectigo.

 

We discussed this >here< and >here< and >here<

 

I have attached a configuration that you can download, unzip and import via the Web Interface Utilities > Import & Export Configuration > Import Configuration


Best Regards

Steffen Baier

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post