Plantronics + Polycom. Now together as Poly Logo

fail to install customCaCert1 via sys.cfg

Highlighted
Occasional Advisor

fail to install customCaCert1 via sys.cfg

Hello,

been trying to get a phone (SPIP 335) running 4.0.1.ld to install a custom root ca. we are running a private network and installing a cert on every phone is impossible, but installing one on the SBC is managable. our root.ca authenticates the sbc cer.

I have added the information to the sys.cfg and the ca does not show up on the web under Settings > Network > TLS > Application Ca 1. nor does it show up when I do an export configuration.

If I go to Utilities > import & export configuration > import configuration > choose file "sys.cfg" and click import it installs the Ca.
I'm sure I have other settings missing to get TLS working between the phone(s) and the SBC, but still wonder why the ca will install manually but not via reboot, even though it is the same file from the same place.
app logs show no errors when installing the sys.cfg

 

</voIpProt>
<sec.TLS.customCaCert sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- blah blah text with no returns, spaces, or any other crap. "clean cert" -----END CERTIFICATE----- ">
<device.sec.TLS.customCaCert1 device.sec.TLS.customCaCert1.set="1"/>
</sec.TLS.customCaCert>
</polycomConfig>
Message 1 of 8
7 REPLIES 7
Highlighted
Polycom Employee & Community Manager

Re: fail to install customCaCert1 via sys.cfg

Hello BradBros,

welcome back to the Polycom Community.

Try this example here and as far as I am aware you do need CRLF

 

<Cert sec.TLS.profileSelection.SIP="ApplicationProfile1" sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE-----
MIID2TCCAsGgAwIBAgIJANMzoONuWXwYMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
VQQGEwJHQjETMBEGA1UECAwKU29tZS1TdGF0ZTEPMA0GA1UEBwwGTG9uZG9uMREw
/mQRczi/nsrE9nvYB1drK8m7Wn20eDM2+QNBAhlYAwkOqUhRjx7ExoirUkoCmye4
YGQ//Jwdku9szsFAkz6cVoilkCAnhErl4v+de38=
-----END CERTIFICATE-----" />
</PHONE_CONFIG>

Above is an example with some part of the cert removed.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 8
Highlighted
Occasional Advisor

Re: fail to install customCaCert1 via sys.cfg

thanks for the reply, but that still didn't get it installed.

I do have the ca sitting on a web server and I can manually add by entering the http://fqdn of the ca. be nice if I could tell the phone via the config where to go get it.

also the addition you provided did not import manually either.

 

also any ideas why the phone regects device.sec.TLS.customCaCert1   in the configuration files?

 

 

 

 

Message 3 of 8
Highlighted
Polycom Employee & Community Manager

Re: fail to install customCaCert1 via sys.cfg

Hello Hello BradBros,,

I did test this myself today on a SPIP 650 and it works as expected.

 

Most likely some XML formatting error on your end. You can set the TLS logs to a lower level and then check the logs.

 

If above fails please work with your Polycom reseller and/or Polycom support directly.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 8
Highlighted
Occasional Advisor

Re: fail to install customCaCert1 via sys.cfg

just did a backup and exported the information to my xml editor and the root.ca is showing up in the text, it just never shows up in the browser. I fi do an export configuration the Ca doesn't show up either.

 what xml editor do you use.

Message 5 of 8
Highlighted
Polycom Employee & Community Manager

Re: fail to install customCaCert1 via sys.cfg

Hi,

 

I attached my example file loaded via the <mac>.cfg

 

Usually XML Notepad from Microsoft or Notepad++

 

Best Regards

 

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 6 of 8
Highlighted
Occasional Advisor

Re: fail to install customCaCert1 via sys.cfg

i found an anomoly,

I pasted my cert in the file you sent me and named it so the phone was able to retrieve it. no issues and thanks.

I use XML notepad also.

when I click on settings > Network > TLS the Application CA 1 is blank.

IF I hit "reset to Default" at the bottom of the TLS page the MD5 Fingerprint shows up for Application CA 1 .

I used my older files and it does the same thing.

 

does this mean I have another setting incorrect or...?

Message 7 of 8
Highlighted
Polycom Employee & Community Manager

Re: fail to install customCaCert1 via sys.cfg

Hello Hello BradBros,

 

i suggest its now time to contact your Polycom reseller and/or Polycom support.

 

Best regards

 

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 8 of 8