• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

Hello,

been trying to get a phone (SPIP 335) running 4.0.1.ld to install a custom root ca. we are running a private network and installing a cert on every phone is impossible, but installing one on the SBC is managable. our root.ca authenticates the sbc cer.

I have added the information to the sys.cfg and the ca does not show up on the web under Settings > Network > TLS > Application Ca 1. nor does it show up when I do an export configuration.

If I go to Utilities > import & export configuration > import configuration > choose file "sys.cfg" and click import it installs the Ca.
I'm sure I have other settings missing to get TLS working between the phone(s) and the SBC, but still wonder why the ca will install manually but not via reboot, even though it is the same file from the same place.
app logs show no errors when installing the sys.cfg

 

</voIpProt>
<sec.TLS.customCaCert sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- blah blah text with no returns, spaces, or any other crap. "clean cert" -----END CERTIFICATE----- ">
<device.sec.TLS.customCaCert1 device.sec.TLS.customCaCert1.set="1"/>
</sec.TLS.customCaCert>
</polycomConfig>
7 REPLIES 7
HP Recommended

Hello BradBros,

welcome back to the Polycom Community.

Try this example here and as far as I am aware you do need CRLF

 

<Cert sec.TLS.profileSelection.SIP="ApplicationProfile1" sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE-----
MIID2TCCAsGgAwIBAgIJANMzoONuWXwYMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
VQQGEwJHQjETMBEGA1UECAwKU29tZS1TdGF0ZTEPMA0GA1UEBwwGTG9uZG9uMREw
/mQRczi/nsrE9nvYB1drK8m7Wn20eDM2+QNBAhlYAwkOqUhRjx7ExoirUkoCmye4
YGQ//Jwdku9szsFAkz6cVoilkCAnhErl4v+de38=
-----END CERTIFICATE-----" />
</PHONE_CONFIG>

Above is an example with some part of the cert removed.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

thanks for the reply, but that still didn't get it installed.

I do have the ca sitting on a web server and I can manually add by entering the http://fqdn of the ca. be nice if I could tell the phone via the config where to go get it.

also the addition you provided did not import manually either.

 

also any ideas why the phone regects device.sec.TLS.customCaCert1   in the configuration files?

 

 

 

 

HP Recommended

Hello Hello BradBros,,

I did test this myself today on a SPIP 650 and it works as expected.

 

Most likely some XML formatting error on your end. You can set the TLS logs to a lower level and then check the logs.

 

If above fails please work with your Polycom reseller and/or Polycom support directly.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

just did a backup and exported the information to my xml editor and the root.ca is showing up in the text, it just never shows up in the browser. I fi do an export configuration the Ca doesn't show up either.

 what xml editor do you use.

HP Recommended

Hi,

 

I attached my example file loaded via the <mac>.cfg

 

Usually XML Notepad from Microsoft or Notepad++

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

i found an anomoly,

I pasted my cert in the file you sent me and named it so the phone was able to retrieve it. no issues and thanks.

I use XML notepad also.

when I click on settings > Network > TLS the Application CA 1 is blank.

IF I hit "reset to Default" at the bottom of the TLS page the MD5 Fingerprint shows up for Application CA 1 .

I used my older files and it does the same thing.

 

does this mean I have another setting incorrect or...?

HP Recommended

Hello Hello BradBros,

 

i suggest its now time to contact your Polycom reseller and/or Polycom support.

 

Best regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.