I've been provisioning the config files for this phones, and a few others. I've managed to set up a good script to provision many parameters, and values fairly easily.
The only thing I don't get, or understand fully i should say, is changing the transport to TLS.
I see that the phone, needs port 5061, and I've enabled a bunch of STRP values and set them.
Do I need to do anthing else in terms of certificates? like, upload the server certificate to the phone, or vise versa??
With our grandstreams we've been setting the transport to TLS in the scripts, then the phone negotiates the server and we don't have to configure the phone at all apart from defining that the transport should be TLS, and enabling SRTP.
Does anybody know? I have been messing round with this for days now.
Many, many thanks,
welcome to the Polycom Community.
The community's VoIP FAQ contains this post here:
Apr 17, 2013 Question: How can I setup a TLS connection for SIP signaling and / or troubleshoot this?
Resolution: Please check => here <=
Please ensure you always check the community FAQ and/or utilize the community search before posting any new topics or follow up posts.
In regards of certificates you may want to look at:
Jan 27, 2015 Question:How can I verify the certificate Validity Period used with the Polycom VVX Business Media Phone software?
Resolution: Please check this post => here <=
The above leads to a link which host's the Polycom® Engineering Advisories and Technical Notifications and has all the Certificate Updates For Polycom® UC Software listed by newer Software Version.
It allows you to check if your certificate provider is already a trusted certificate.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
Many thanks for your reply.
I've seen the first answer a few times before, and have noted how to import the certificate on the phone, and also know how to provision this.
The second post, the link doesn't work - 'consona.polycom.com’s server DNS address could not be found.'
My question really, is can one transport by TLS without uploading the certificate on the phone