• Polycom phone with a certificate installed at the factory. To verify that the certificate is installed, on the Polycom phone, press the Menu button, and then select Status > Platform > Phone. If a certificate is installed, “Device Certificate: Installed” will be listed. If a certificate is not installed, “Device Certificate: Not Installed” will be listed.
• Polycom Root CA certificate, available at http://pki.polycom.com/pki/Polycom%20Root%20CA.crt.

On Wed, Apr 13, 2011 at 10:30 AM, Tony Graziano <tgrazi...@myitdepartment.net> wrote:
> I would assume (I may be wrong) that the CA used to secure TLS with
> the phone would require the phone config to specify the certificate
> AND have the certificate loaded in the phone. (i.e. use this one, here
> it is). Have you checked the cfg files to see the certificate is
> specified?
>
> On Wed, Apr 13, 2011 at 10:19 AM, Staffan Kerker <ietf-li...@kerker.se> wrote:
>> I've installed the following chain of Polycom CAs in SipX (not via GUI
>> though) downloaded from http://pki.polycom.com/pki/
>>
>> Polycom Root CA.crt
>>
>> Polycom Equipment Policy CA.crt
>>
>> Polycom Equipment Issuing CA 1.crt
>>
>> Maybe I shall install the last one as well, the "Polycom Issuing CA 2". I've
>> also, as mentioned, installed the SipX self-signed CA onto the Polycom phone
>> using the info in the SipX Wiki. The Wiki does not describe the procedure of
>> installing the Polycom Root CA in order to use TLS. It only talks about
>> getting the SipX CA cert onto the Polycom phone. What is required? Do we
>> really use mutual TLS authentication, or only server based authentication
>> (client authenticates server by installing the CA cert of SipX)?
>> Is anyone running SIP over TLS for Polycom phones?
>> //Staffan
>>
>> On 13 apr 2011, at 15.08, Joegen Baclor wrote:
>>
>> I have proposed being able to upload phone CA via the config. I know there
>> are several CA for Polycom as documented in the site. Decrypt Error seems
>> to indicate that you have uploaded the wrong CA signature than what your
>> phone is sending. We need to pull some strings in Polycom to get into the
>> bottom of this. Perhaps one with subscription support?
>>
>> On 04/13/2011 07:58 PM, Staffan Kerker wrote:
>>
>> Hi all,
>>
>> I'm trying to get TLS working properly between the connected endpoints
>> (Polycom Soundpoint IP335) and the SipXproxy. No firewalls/NAT or anything
>> in between.
>>
>> I'm running v3.2.5 on the Polycoms and SipXecs version
>> 4.4.0-2011-04-01EDT23:24:23 domU-12-31-39-0E-DD-81
>>
>> I have followed the guide provided on the Wiki
>> (http://wiki.sipfoundry.org/display/sipXecs/Installing+the+Root+CA+Server+Certificate+on+the+Polycom+Phone)
>> and
>> (http://wiki.sipfoundry.org/display/sipXecs/Polycom+Phone+using+sipXecs+TLS+transport)
>> but still, no success. The polycom UI tells me that the SipX CA certificate is
>> installed
>> successfully on the phone and I've tried both using "All Certificates" and
>> "Custom Certificates" in the Polycom settings.
>>
>> However, no TLS. I look at the Wireshark traces and notice that the TLS
>> handshake is failing since (as far as I understand it) the Polycom is not
>> sending the correct client certificate to the
>> server. After server has sent Certificate, Certificate Request and
>> ServerHelloDone, the Polycom responds with a Certificate message containing
>> the Polycom certificates, not the by SipX
>> generated (and on the Polycom installed) certificate. This ends with a Fatal
>> Error and the Polycom falls back to TCP.
>>
>> First, the error was "Unknown CA" but after installing the Polycom chain of
>> root CA on SipX, it's now "Decrypt Error"... But the guide says nothing
>> about the need to install the Polycom device
>> Root CA on the SipX server in this situation.
>>
>> I'm confused... and would be very happy with some guidance...
>>
>> //Staffan
>>
>> --
>> Staffan Kerker
>> mail/sip/xmpp: staf...@kerker.se
>>
>> "Don't get involved in politics man, just play the gig..." /Sgt Floyd,
>> Electric Mayhem Band
>>
>> _______________________________________________
>> sipx-users mailing list
>> sipx-users@list.sipfoundry.org
>> List Archive: http://list.sipfoundry.org/archive/sipx-users/

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.326.5325

Email: tgrazi...@myitdepartment.net

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Contract Customers:
http://support.myitdepartment.net
Blog:
http://blog.myitdepartment.net

Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
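
The two trust directions asked about in this thread, as an added example that is not part of any poster's message: the phone needs the server's CA to verify the server, and a server that sends Certificate Request needs the whole chain behind the phone's factory certificate, otherwise the handshake stops at the "Unknown CA" stage. Every CA and certificate name here (`device-root`, `device-policy`, `device-issuing`, `phone`, `pbx-ca`, `pbx-server`) is a constructed stand-in generated on the spot with the `openssl` CLI, not a real Polycom or sipX certificate.

```shell
#!/usr/bin/env bash
# Added example: all names are constructed stand-ins, not real Polycom or sipX certs.
set -eu
D=$(mktemp -d)
trap 'rm -rf "$D"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$D/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$D/leaf.ext"

# issue NAME ca|leaf [ISSUER]: make a key and certificate for NAME,
# self-signed when ISSUER is omitted, otherwise signed by ISSUER.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  if [ -n "${3:-}" ]; then
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$3.crt" -CAkey "$D/$3.key" \
      -CAcreateserial -extfile "$D/$2.ext" -days 2 -out "$D/$1.crt" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" \
      -extfile "$D/$2.ext" -days 2 -out "$D/$1.crt" 2>/dev/null
  fi
}

# Device side: three tiers shaped like root -> policy -> issuing -> phone.
issue device-root ca
issue device-policy ca device-root
issue device-issuing ca device-policy
issue phone leaf device-issuing
# Server side: the PBX's own self-signed CA and the certificate it presents.
issue pbx-ca ca
issue pbx-server leaf pbx-ca

# accepts "CA1 CA2 ..." CERT: true only if CERT chains to a root using
# nothing but the CA certificates listed (the verifier's installed store).
accepts() {
  : > "$D/store.pem"
  for ca in $1; do cat "$D/$ca.crt" >> "$D/store.pem"; done
  openssl verify -CAfile "$D/store.pem" "$D/$2.crt" >/dev/null 2>&1
}

report() { if accepts "$1" "$2"; then echo "OK   $3"; else echo "FAIL $3"; fi; }
report "pbx-ca" pbx-server "phone verifies server with the PBX CA installed"
report "pbx-ca" phone "server verifies phone with only its own CA"
report "device-root device-policy" phone "device chain installed, issuing CA missing"
report "device-root device-policy device-issuing" phone "full device chain installed"
```

Against real files, the same `openssl verify -CAfile` call run over the CA bundle installed on the server and the device certificate exported from a packet capture shows whether the installed issuing CA is the one that actually signed the phone's certificate.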