• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

 

I've got three Soundpoint IP560 phones.

 

I created a script to create custom device certificates for them.

 

I successfully installed the certificates in two of the phones.

 

In the third phone, I get an error.

 

I create the certificates using RSA, 2048 bits, SHA256 (I also tried SHA1).

 

I put the CN=(MAC address) for each certificate, just like factory installed certificates.

 

For EKU, I enable TLS Server and TLS Client

 

All certificates are identical except for the MAC address.

 

I go into the web admin for each phone and give it the URL of the server with the certificate.  In the web server log, I see that the phone is retreiving the certificate and the HTTP response code is 200.

 

A popup message appears in web admin:

 

     Information

 

     Invalid certificate download request.

 

I looked in the diagnostic log for the phone and observed the following:

 

175339.992|tls |4|03|Device credential invalid: Device credentials not proper in the certificate

 

Here are more details about the phone:

 

000016.462|so |*|03|Platform: Model=SoundPoint IP 560, Assembly=2345-12560-001 Rev=A Region=
000016.462|so |*|03|Platform: Interface eth0 MAC=0004f2......
000016.462|so |*|03|Platform: BootBlock=3.0.2.0024 (12560-001) 30-Nov-10 15:01
000016.462|so |*|03|Platform: Updater=5.1.1.0132 13-Jul-15 18:16
000016.462|so |*|03|Application, main: Label=SIP, Version=PrairieDog 4.1.1.0731 19-Jul-15 19:59
000016.462|so |*|03|Application, main: P/N=3150-11530-411

 

 

What does this error mean?

 

Is there anything else I should check?

 

I tried regenerating the keypairs and certificates several times and it always works for two of the phones and always fails for the third phone.

 

 

3 REPLIES 3
HP Recommended

Hello pocock,

as you are already on a UC Software 4.x.x build you can simply export the working phones configuration and check these against each other.

 

Btw. UC Software 4.1.1 is for LYNC only and not for SIP just in case you using them for SIP. The correct software for these is 4.0.11

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

 

I completely reset all three phones to factory defaults and formatted the filesystems before I started trying to install the certificates, so they should all be in an identical state, shouldn't they?

 

What method do you suggest I use to extract the runtime confirmation for comparison?

 

 

I will try changing them all to 4.0.11, thanks for pointing this out.  Even so, I don't think that is related to this problem, this problem only concerns client certificate installation.

 

 Have you seen any fault in any other phone that prevents it accepting a client certificate like this?

HP Recommended

Hello pocock,

I have not seen any issue but my free "support" in here only goes so far.

 

I suggest you test this and lower the TLS logging and see if you can spot anything and then simply open a ticket.


In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. In case this is some sort of an Internet discounter please post your phone's MAC address so I can look up who would be able to support you.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.