Thanks Tony. It was the ca bundle. I had imported it via the web interface and it was displayed properly but it was never saved eventhough I clicked on keep. I had to drop the ca bundle into /etc/sipxpbx/ssl/authorities and run the ca_rehash script manually. After the service restarted all is well
***************************************** Shawn Beard Enterprise Systems Engineer Penn Manor School District www.pennmanor.net<http://www.pennmanor.net/> (717)872-9500 x2354 From: Tony Graziano <[email protected]<mailto:[email protected]>> Reply-To: Discussion list for users of sipXecs software <[email protected]<mailto:[email protected]>> Date: Mon, 26 Mar 2012 15:40:45 -0400 To: Discussion list for users of sipXecs software <[email protected]<mailto:[email protected]>> Subject: Re: [sipx-users] polycom auto provision issue 0x20 means the config file is corrupt or invalid (not missing). It will reboot... Since Sipx autoconfigs phones without a generated profile all signs point to your certificate. Its likely you didn't install the intermediate certificate either. If it were me, and its not... I would undo the wildcard until I have time to test it and make sure it works. This means you might have to manually regenerate and install the standard certificate. On Mar 26, 2012 3:35 PM, "Shawn Beard" <[email protected]<mailto:[email protected]>> wrote: I just unboxed a bunch of Polycom 335 and 550's but they won't autoprovision. They all display a 0x20 config error. I can manually create profiles and they will register fine. I found the below in my sipxprovision.log which points to a cert issue. I did install a new cert last week but it's a wildcard cert that we use on other servers. Browsers don't report a cert issue and the SSLPoke java tool seems to connect fine. I did try importing the ca into the cacerts file using keytool but that hasn't fixed the issue . Any help would be appreciated. Thanks "2012-03-26T19:29:19.001000Z":29::INFO:sipx1.pennmanor.net:SocketListener0- 1:00000000:Servlet:"GET /0004f23fef22-sipx-device.cfg User-Agent: FileTransport PolycomSoundPointIP-SPIP_335-UA/3.2.4.0267" "2012-03-26T19:29:19.001000Z":30::INFO:sipx1.pennmanor.net:SocketListener0- 1:00000000:Servlet:"writeConfigurationResponse - /0004f23fef22-sipx-device.cfg" "2012-03-26T19:29:19.010000Z":31::ERR:sipx1.pennmanor.net:SocketListener0-1 :00000000:Servlet:"REST HTTPS GET failed:" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1697) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1 165) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610) at sun.security.ssl.Handshaker.process_record(Handshaker.java:546) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:945) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1 190) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1217) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1201) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Abstr actDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectio nImpl.java:153) at org.sipfoundry.sipxprovision.auto.Servlet.writeProfileConfigurationResponse (Servlet.java:573) at org.sipfoundry.sipxprovision.auto.Servlet.doGet(Servlet.java:539) at javax.servlet.http.HttpServlet.service(HttpServlet.java:596) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:427) at org.mortbay.jetty.servlet.ServletHandler.dispatch(ServletHandler.java:665) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567) at org.mortbay.http.HttpContext.handle(HttpContext.java:1565) at org.mortbay.http.HttpContext.handle(HttpContext.java:1517) at org.mortbay.http.HttpServer.service(HttpServer.java:954) at org.mortbay.http.HttpConnection.service(HttpConnection.java:814) at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:981) at org.mortbay.http.HttpConnection.handle(HttpConnection.java:831) at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244) at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357) at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224) at sun.security.validator.Validator.validate(Validator.java:235) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:14 7) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerIm pl.java:230) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerIm pl.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1 144) ... 26 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBu ilder.java:197) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319) ***************************************** Shawn Beard Enterprise Systems Engineer Penn Manor School District www.pennmanor.net<http://www.pennmanor.net> <http://www.pennmanor.net/> (717)872-9500 x2354 > _______________________________________________ sipx-users mailing list [email protected]<mailto:[email protected]> List Archive: http://list.sipfoundry.org/archive/sipx-users/ LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected]<mailto:[email protected]> Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
