I've installed the following chain of Polycom CAs in SipX (not via GUI though) downloaded from http://pki.polycom.com/pki/
Polycom Root CA.crt Polycom Equipment Policy CA.crt Polycom Equipment Issuing CA 1.crt Maybe I shall install the last one as well, the "Polycom Issuing CA 2". I've also, as mentioned, installed the SipX self-signed CA onto the Polycom phone using the info in the SipX Wiki. The Wiki does not describe the procedure of installing the Polycom Root CA in order to use TLS. It only talks about getting the SipX CA cert onto the Polycom phone. What is required? Do we really use mutual TLS authentication, or only server based authentication (client authenticates server by installing the CA cert of SipX)? Is anyone running SIP over TLS for Polycom phones? //Staffan On 13 apr 2011, at 15.08, Joegen Baclor wrote: > I have proposed being able to upload phone CA via the config. I know there > are several CA for Polycom as documented in the site. Decrypt Error seems to > indicate that you have uploaded the wrong CA signature than what your phone > is sending. We need to pull some strings in Polycom to get into the bottom > of this. Perhaps one with subscription support? > > On 04/13/2011 07:58 PM, Staffan Kerker wrote: >> >> Hi all, >> >> I'm trying to get TLS working properly between the connected endpoints >> (Polycom Soundpoint IP335) and the SipXproxy. No firewalls/NAT or anything >> inbetween. >> >> I'm running v3.2.5 on the Polycoms and SipXecs version 4.4.0- >> 2011-04-01EDT23:24:23 domU-12-31-39-0E-DD-81 >> >> I have followed the guide provided on the Wiki >> (http://wiki.sipfoundry.org/display/sipXecs/Installing+the+Root+CA+Server+Certificate+on+the+Polycom+Phone) >> and >> (http://wiki.sipfoundry.org/display/sipXecs/Polycom+Phone+using+sipXecs+TLS+transport) >> but still, no sucess. The polycom UI tells me that the SipX CA ceritifate >> is installed >> successfully on the phone and I've tried both using "All Certificates" and >> "Custom Certificates" in the Polycom settings. >> >> However, no TLS. I look at the Wireshark traces and notice the the TLS >> handshake is failing since (as far as I understand it) the Polycom is not >> sending the correct client certificate to the >> server. After server has sent Certificate, Certificate Request and >> ServerHelloDone, the Polycom responds with a Certificate message containing >> the Polycom certificates, not the by SipX >> generated (and on the Polycom installed) certificate. This ends with a Fatal >> Error and the Polycom falls back to TCP. >> >> First, the error was "Unknown CA" but after installing the Polycom chain of >> root CA on SipX, it's now "Decrypt Error"... But the guide says nothing >> about the need to install the Polycom device >> Root CA on the SipX server in this situation. >> >> I'm confused... and would be very happy with some guidance... >> >> //Staffan >> >> >> >> >> -- >> Staffan Kerker >> mail/sip/xmpp: staf...@kerker.se >> >> "Don't get involved in politics man, just play the gig..." /Sgt Floyd, >> Electric Mayhem Band >> >> >> >> >> >> _______________________________________________ >> sipx-users mailing list >> sipx-users@list.sipfoundry.org >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Staffan Kerker mail/sip/xmpp: staf...@kerker.se "Don't get involved in politics man, just play the gig..." /Sgt Floyd, Electric Mayhem Band
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/