I’m trying to get TLS working. I’m starting with a Polycom phone. I have a certificate (a signed certificate from wosign) tied to my FQDN. If I connect to port 5061 using openssl I indeed am getting the signed valid certificate.
I changed my extension (pjsip) to use TLS etc etc, and rebuilt the config for my phone and it is still set to port 5075 (what I am using for pjsip currently).
I changed the phone manually to use TLS and port 5061. It immediately looses registration. I get the following in the log file of the phone.
0829093951|app1 ||00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0829093952|app1 ||00|SoRegistrationEventLast - new AppRegLineC, szUser = 5824
0829093952|sip ||00|Sip UnRegister Usr:5824 Dsp:Noach Sumner-5824 Auth:‘5824’ Inx:0
0829093952|sip ||00|SipUserRemove: user 0 being removed.
0829093952|sip |*|00|Sip Register Usr:5824 Dsp:Noach Sumner-5824 Auth:‘5824’ Inx:0
0829093952|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/fedContactUrl.dom doesn’t exist or is empty
0829093952|sip |4|00|[cert_verify_callback,tcp]:Server certificate verification failed, Untrusted Certificate,error=20
0829093952|sip |4|00|MakeTlsConnection: SSL_connect error 1
0829093952|sip |4|00|MakeTlsConnection: connection failed error -1
0829093952|sip |4|00|Registration failed User: 5824, Error Code:480 Temporarily not available
0829093952|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Lync Special Interop is disabled.
0829093952|pps |4|00|[PpsHybridC::OnEvSipOnFetchRootCert] Exiting from certificate fetch procedure.
0829093952|cfg |5|00|Prm|Parameter up.cfgUniqueLineLabel requested type 2 but is of type 7
I have installed the certificate in the phone and verified the thumbprint to no avail. Does anyone have any suggestions? After (if) I get this working with Polycom I want to try and address is with a Grandstream phone which I’m sure will be even more fun…