• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The Poly Phones Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!
HP Recommended

I'm having an issue getting a custom CA to import onto a Visual+ unit via config. The same config works for the Trio 8800 and successfully imports a custom client cert, but not the CA.

 

If I manually import the CA via the web interface it works, but if I then export that config, remove the custom CA from the web interface and then reimport the config, it fails to add the custom CA back.

 

0905074815|tls  |1|00|Could not get X509 data from PEM format
0905074815|tls  |2|00|Got X509 data from DER format
0905074815|tls  |1|00|Could not get X509 data from PEM format
0905074815|cfg  |4|00|Web|cfgParamUtilParseAndUpdateSessions: Error updating param device.sec.TLS.customCaCert1

I can't see it listed as a known issue and nothing I've tried seems to allow a config-based custom CA import to succeed.

1 ACCEPTED SOLUTION

Accepted Solutions
HP Recommended

Hello Spad,

Providing such information that it is working with the Trio may help us confirming that this is an known issue.

 

I briefly tested this with the current GA and it fails like in your example. Even if I change the certificate into Base 64 it still fails. Using your configuration with the next Beta version works without an issue.

 

Seeing that you are working for a well known organisation I can only advise you to get this into support so we can track this.


In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. End Customers are usually unable to open a ticket directly with Polycom support.

If this is some sort of an Internet discounter please post either your phone's MAC address or your Polycom devices serial so I can look up who would be able to support you. This may not be who you purchased the Polycom device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

View solution in original post

7 REPLIES 7
HP Recommended

Hello Spad,

welcome to the Polycom Community.

How about posting your configuration so we can have a look?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Steffen,

 

The relevant section of the config is below

 

	device.set="1"
	
	device.sec.TLS.profile.caCertList1.set="1"
	device.sec.TLS.profile.caCertList1="Platform1"
	device.sec.TLS.profile.deviceCert1.set = "1"
	device.sec.TLS.profile.deviceCert1 = "Platform1"
	device.sec.TLS.profileSelection.dot1x.set="1"
	device.sec.TLS.profileSelection.dot1x = "PlatformProfile1"
	device.sec.TLS.profileSelection.provisioning.set ="1"
	device.sec.TLS.profileSelection.provisioning = "PlatformProfile1"

	device.sec.TLS.customCaCert1.set = "1"
	device.sec.TLS.customCaCert1 = "MIIFWzCCA0OgAwIBAgIQU2Ko6fbTdrJEwfQjN9AgPzANBgkqhkiG9w0BAQ0FADBAMT4wPAYDVQQDEzVDb250cm9scyBhbmQgRGF0YSBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAeFw0xNDExMjYxMDM0MTZaFw0yNDExMjYxMDQ0MTJaMEAxPjA8BgNVBAMTNUNvbnRyb2xzIGFuZCBEYXRhIFNlcnZpY2VzIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyNiBI4Kmt1qRorDzkRBCRTR5wSvlgPmtjw35Yqwdwxr/xVwFxLHapHTnWFBNehn4YeBggVl+bnaCfifl/ceTiXIHbGK2rsjuky+NPxidebGs6qr+jyGA7jPpC80DlocJiP6WL5mwre5HbG4xJzmF8jNlD1bmFw5lqlvdjAokEgjv5vYusWu2P1NhVU+b010gFzUUW7XgCv54Hx4fQ1nZvKb3x+jOxeG3flUO9VDf1kRgG2YToI+if4rCy8y14VPQhP9lO+satMxh734CmvW0kfVCcaWND+MyWOjCYF+g8ilQXo+b6Q2Des9RR4MQag/ouig/ICDHWlC8D8/sn4HWYywKoLAfy5Ex9sbe2OUHCQWxS9bWSz44DmoxOEq+QLqLz//+egeUnBTaIbkB17jaA5AWH+W+Mcv3l4ASSxfi2lciBKM5gf6d+XQdAppr+Zu8Ct02Ov43iLiOH4pHYLfYGaRbiRz5tKBBjacpL1nv95PGz3D2Xytz7sF7ukl2+TyCKICtn9F1b0b8KpzgdY6l5jzbuYRpxM9Exe/S0dgrYV111C07rxndOt9yPmUUBYU+MncL550GhqbAKPme4A7C1qaYlBrSvd9+9/SUVufMdEt69loIJla5Ve+bW8+MHAJl68H5hFaRC9ZwmDGWzujfUIBvq9rU0AIPGIts4T6ypzMCAwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEUHC51kT2e1JzXtD3FPUOrp8XE5MBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBDQUAA4ICAQCrL50fdsDxRBULWTC8ypKaiEczgvsBdQzyC26WJXUhpf3tO3dhF9NNy/wU96+toFuhlXkqBNXVysAMSCxfehz+ruYPIp2qxVQVFXt2aKd+RT2h/gQLmr6wNx2wh+MXWJh3ssjhaF+BzdHrRm8G1MCgSJjySXfleT10jX59WlkRRsBbYv55OTZ3yWndP+3o7hipCct8aL/tZ8I2zA/dhAYj2DCbOOPBhrL0ERiunofO4on9YgiABEMNyla6aAkmt4REvA25aGtSjXLojY8En0J7VwYB3rKFOQuuyru/kZoMsbBtw65qL1yz8nRkn8uz0fejxnm7Oldwq/qUcobjG773rT+TiBUDeYoUoGBA7JlPflnXvlr/bgCg19WWueOO8o30R6c2xKkND+cWEliHZsVwHntIFkcAGYHZuJuzDoeRfeRvWGhf9MQBC26DqbIFlDDVuxZemW8kjhvgSdlxVFkbFoR/UHkgLUKrmjkA4mUVSoCk2IkWetiafpM0cihI78WaT4dFsubciTkv2TZ+PgHjpP68Bd/7Q0kozLduW8wecxhB85v22Vk9u0jAnh27zicjV6QX8DsTmlNsHB7vMNVCEKpjvMt5SeXcG0iAnz5B8X39g+0bBK3h4cLCGe38+MISpVHdo91gtvnOkNAW5apmPE74hwCrCGiSQOoOA1FgYg=="

This works fine on the Trio 8800, just not on the Visual+ unit.

HP Recommended

Hello Spad,

Providing such information that it is working with the Trio may help us confirming that this is an known issue.

 

I briefly tested this with the current GA and it fails like in your example. Even if I change the certificate into Base 64 it still fails. Using your configuration with the next Beta version works without an issue.

 

Seeing that you are working for a well known organisation I can only advise you to get this into support so we can track this.


In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. End Customers are usually unable to open a ticket directly with Polycom support.

If this is some sort of an Internet discounter please post either your phone's MAC address or your Polycom devices serial so I can look up who would be able to support you. This may not be who you purchased the Polycom device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Steffen,

 

Thanks for your help confirming that appears to be a bug and not a configuration issue on my part. I'll speak with our reseller and get a support call raised.

 

Thanks.

HP Recommended

Hello Spad,

 

last question. What is the certificate even used for ?

 

Best Regards

 

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

We're using them for 802.1x authentication; the phones need to trust our CA in order to trust the ACS server that authenticates them.

HP Recommended

Hello spad,

we are tracking this under 1-6962279101


Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.