Polycom SIP TLS

Status
Not open for further replies.

MTR

Hi

I have a wildcard SSL cert installed and all my Yealink phones work well with TLS; however, the Polycom phones don't work.

Was anyone here successful with Polycom TLS in a multi domain?
 

CountJuuglar

I FINALLY got this to work ... been beating my head on it for a while, due to an annoying lack of basic information (cert name requirements & contents therein) ... I have Polycom VVX411s that I am using for testing this.

Today, I decided that I'm going to figure this out, and told my wife & kids to stay out of the office, as I assumed I would be grumpy (good move). I found a video of Mark on YouTube showing ClueCon how easy it was to get WebRTC up, and it showed him using a script for letsencrypt that set everything up, so I dug up the script and read through it.

In the end I created my certs the way that Mark has his letsencrypt script make them as described below (at the bottom of his script): https://github.com/fusionpbx/fusionpbx-install.sh/blob/master/debian/resources/letsencrypt.sh

For reference, I have a wildcard cert from Comodo that I'm using.

I first removed all certs from /etc/freeswitch/tls (rm /etc/freeswitch/tls/*)

Then I created the .pem files in /etc/freeswitch/tls (FusionPBX v4.4) as such:

all.pem = <my cert>, <all 3 chain certs>, <private key> (it creeps me out having my private key in there, but the script does it so ....)
cert.pem = <my cert>
chain.pem = <all 3 cert chains>
fullchain.pem = <my cert>, <all 3 chain certs>
privkey.pem = <private key>

I created the sym links as described in Mark's script:
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/agent.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/tls.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/wss.pem
ln -s /etc/freeswitch/tls/all.pem /etc/freeswitch/tls/dtls-srtp.pem

Updated permissions on the folder ... again, per instruction from Mark's script:
chown -R www-data:www-data /etc/freeswitch/tls

Restarted FS:
fs_cli
fsctl shutdown elegant restart

After which, I was able to get the Polycom phones registered & making calls just fine ... next step: getting DNS NAPTR working so the failover server works properly ... with TLS.
I did NOT have to install any certs on the Polycom phones. Also, for reference, FW version: 5.8.0.12386


I sincerely hope this helps !
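
The file layout described in the post above, as an added shell example that is not part of the original post or of the FusionPBX letsencrypt.sh script. It assumes cert.pem, chain.pem and privkey.pem are already in the target directory; the function names are hypothetical, and the chmod is an added precaution, so run the post's chown afterwards.

```shell
#!/bin/sh
# Added example: not from the thread and not part of letsencrypt.sh.
# Assumes cert.pem, chain.pem and privkey.pem are already in the target directory.

# Print the PEM block types found in a file, in order, one per line.
pem_layout() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Succeed only for: one or more CERTIFICATE blocks followed by exactly one
# private key block, with nothing else in the file.
check_all_pem() {
    pem_layout "$1" | awk '
        /^CERTIFICATE$/ { if (keys) bad = 1; certs++; next }
        /PRIVATE KEY$/  { keys++; next }
                        { bad = 1 }
        END { exit !(certs >= 1 && keys == 1 && !bad) }'
}

# Concatenate PEM files, stripping CRs and making sure every file ends in a
# newline so END/BEGIN markers never run together on one line.
join_pem() {
    for f in "$@"; do tr -d '\r' < "$f" | awk 1; done
}

# Build fullchain.pem, all.pem and the four symlinks inside directory $1.
# Runs in a subshell so the cd does not leak into the caller.
build_tls_dir() (
    cd "$1" || exit 1
    for f in cert.pem chain.pem privkey.pem; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 1; }
    done
    join_pem cert.pem chain.pem > fullchain.pem
    join_pem cert.pem chain.pem privkey.pem > all.pem
    chmod 600 all.pem privkey.pem   # both hold the private key
    check_all_pem all.pem || { echo "all.pem: unexpected block order" >&2; exit 1; }
    for name in agent tls wss dtls-srtp; do
        ln -sf all.pem "$name.pem"  # relative link, same target as in the post
    done
)
```

Called as `build_tls_dir /etc/freeswitch/tls`, it refuses to create the symlinks if all.pem is not certificates first and a single private key last.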
 