FreePBX | Register | Issues | Wiki | Portal | Support

Endpoint Manager Polycom phone TLS not working


(Rick H) #1

I’m trying to set up a Polycom VVX410 to register using Endpoint Manager and TLS. We currently have an FTP provisioning server and it works fine that way, but we want to move to Endpoint.
I can get the phone to provision with Endpoint, but it keeps wanting to use UDP to register. I’ve tried several setting changes in the basefile .cfg files but nothing appears to be working. What are all of the entries or changes that I need to get TLS to work?


(Chris Dolese) #2

you will need to modify the base file and select proper transport and port

id start here :

if you get stuck feel free to open a support ticket - however , unfortunately this would not be covered within the free support offered with active maintenance for the endpoint commercial module but is certainly something we could handle with a paid configuration ticket

good luck


(Rick H) #3

Thanks. I already tried this, sort of. I don’t want to manually add the cert. I don’t have to do it with the FTP server.


(Rick H) #4

I finally got this working. It helps to know exactly where to make the changes. Some of the config files have the same sections. Here’s my steps.

  1. Since we already had a file with some of the settings needed, I just copied it to tftpboot folder on the FreePBX server and then changed the file rights to match the other .cfg files. (0755), group/owner=asterisk.

Cert.cfg:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>

<device.sec.TLS.customCaCert1
device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----
[enter certificate data here]
-----END CERTIFICATE-----"

       device.sec.TLS.customCaCert1.set="1"> 
  </device.sec.TLS.customCaCert1>
<device.sec.TLS.SIP.strictCertCommonNameValidation
	sec.TLS.SIP.strictCertCommonNameValidation="0">
</device.sec.TLS.SIP.strictCertCommonNameValidation>
  1. In Endpoint Manager>Basefile file edit, I edited the following config file lines:
    a. MAC.cfg - added cert.cfg
    CONFIG_FILES=“mac-features.cfg, mac-ext.cfg, mac-sip-interop.cfg, cert.cfg”
    b. Ext.cfg - changed DNSnaptr to TLS
    reg.1.server.1.transport=“TLS”

(system) closed #5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.