Hi all, I'm trying to get TLS working properly between the connected endpoints (Polycom Soundpoint IP335) and the SipXproxy. No firewalls/NAT or anything inbetween.
I'm running v3.2.5 on the Polycoms and SipXecs version 4.4.0- 2011-04-01EDT23:24:23 domU-12-31-39-0E-DD-81 I have followed the guide provided on the Wiki (http://wiki.sipfoundry.org/display/sipXecs/Installing+the+Root+CA+Server+Certificate+on+the+Polycom+Phone) and (http://wiki.sipfoundry.org/display/sipXecs/Polycom+Phone+using+sipXecs+TLS+transport) but still, no sucess. The polycom UI tells me that the SipX CA ceritifate is installed successfully on the phone and I've tried both using "All Certificates" and "Custom Certificates" in the Polycom settings. However, no TLS. I look at the Wireshark traces and notice the the TLS handshake is failing since (as far as I understand it) the Polycom is not sending the correct client certificate to the server. After server has sent Certificate, Certificate Request and ServerHelloDone, the Polycom responds with a Certificate message containing the Polycom certificates, not the by SipX generated (and on the Polycom installed) certificate. This ends with a Fatal Error and the Polycom falls back to TCP. First, the error was "Unknown CA" but after installing the Polycom chain of root CA on SipX, it's now "Decrypt Error"... But the guide says nothing about the need to install the Polycom device Root CA on the SipX server in this situation. I'm confused... and would be very happy with some guidance... //Staffan -- Staffan Kerker mail/sip/xmpp: [email protected] "Don't get involved in politics man, just play the gig..." /Sgt Floyd, Electric Mayhem Band
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
