Re: [sipx-users] Still Polycom and TLS issues

Wed, 13 Apr 2011 06:09:23 -0700

I have proposed being able to upload phone CA via the config. I know there are several CA for Polycom as documented in the site. Decrypt Error seems to indicate that you have uploaded the wrong CA signature than what your phone is sending. We need to pull some strings in Polycom to get into the bottom of this. Perhaps one with subscription support? 

On 04/13/2011 07:58 PM, Staffan Kerker wrote:

Hi all,

I'm trying to get TLS working properly between the connected endpoints (Polycom 
Soundpoint IP335) and the SipXproxy. No firewalls/NAT or anything inbetween.

I'm running v3.2.5 on the Polycoms and SipXecs version 4.4.0- 
2011-04-01EDT23:24:23 domU-12-31-39-0E-DD-81

I have followed the guide provided on the Wiki 
(http://wiki.sipfoundry.org/display/sipXecs/Installing+the+Root+CA+Server+Certificate+on+the+Polycom+Phone)
 and 
(http://wiki.sipfoundry.org/display/sipXecs/Polycom+Phone+using+sipXecs+TLS+transport)
 but still, no sucess. The polycom UI tells me that the SipX CA ceritifate is 
installed
successfully on the phone and I've tried both using "All Certificates" and "Custom 
Certificates" in the Polycom settings.

However, no TLS. I look at the Wireshark traces and notice the the TLS 
handshake is failing since (as far as I understand it) the Polycom is not 
sending the correct client certificate to the
server. After server has sent Certificate, Certificate Request and 
ServerHelloDone, the Polycom responds with a Certificate message containing the 
Polycom certificates, not the by SipX
generated (and on the Polycom installed) certificate. This ends with a Fatal 
Error and the Polycom falls back to TCP.

First, the error was "Unknown CA" but after installing the Polycom chain of root CA on 
SipX, it's now "Decrypt Error"... But the guide says nothing about the need to install 
the Polycom device
Root CA on the SipX server in this situation.

I'm confused... and would be very happy with some guidance...

//Staffan




--
Staffan Kerker
mail/sip/xmpp: [email protected]

"Don't get involved in politics man, just play the gig..." /Sgt Floyd, Electric 
Mayhem Band






_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/



_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

Reply via email to