Thanks for the clarification. I have looked at Polycom's website and saw which phones have the latest firmware (or at least a firmware that supports TLS) available.
Didn't get around to the testing with the chained certificate but will try again this evening. > >>>>>> * And, is it necessary to use both my server specific certificate and >>>>>> the intermediate certificate on the telephones or will the telephones >>>>>> only require the server specific certificate? >>>>> The phones should already have the root certificate for Geotrust, you >>>>> should not deploy intermediate roots into the phones if you can >>>>> avoid it >>>> If I understand this correctly (and the other emails you sent), the >>>> Polycom does not need any preloaded certificates / keys, it will ask the >>>> CA and then evaluate the certificate provided by Asterisk during TLS >>>> setup; is that correct? Makes it much easier. (Unfortunately my Polycom >>>> is a bit old so I will have to see if I can upgrade it.) > > > > By `preloaded', I mean you should not have to load any certificates or > key pairs manually into the phones > > The phones should have the default CA certs that come in the firmware > > Most recent Polycom phones also have a client certificate and private > key built in. This allows you to secure the provisioning process. > > Some of the older Polycoms went end-of-life, some don't have client > certs built in, so you'll have to research all that carefully on their > support site. E.g. the IP 300, IP 430 and IP 500 are too old for proper > TLS, while the IP321, IP 450 and IP550 are good > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users