Logo

Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Digicert Global Root CA is gone from CCX firmware

LRamos
Occasional Advisor
‎05-23-2022 06:04 AM
‎05-23-2022 06:04 AM

Digicert Global Root CA is gone from CCX firmware

We use a Poly RPRM to provision our phones,

They are running the firmware versionx  6.2.23.0304 - 7.1.x

We renewed the expiring RPRM certificate with the Intermediate DigiCert TLS RSA SHA256 2020 CA1 (serial 06d8d904d5584346f68a2fa754227ec4) signed by the DigiCert Global Root CA (serial 083be056904246b1 a1756ac95991c74a).

And now the phones stopped trusting the SubCA and are unable to upload logs and download the configurations.

The current workaround is to manual access the phone WebUI and upload the SubCA

 

 

Message 1 of 4
0 Kudos
Reply
3 REPLIES 3
SteffenBaierUK
Polycom Employee & Community Manager Polycom Employee & Community Manager
Polycom Employee & Community Manager
‎05-23-2022 08:56 AM
‎05-23-2022 08:56 AM

Re: Digicert Global Root CA is gone from CCX firmware

Hello @LRamos ,

Your post ended up in the Spam Filter so it was moved here. 

 

Do you use a DHCP option to point the phones to RPRM?

 

If yes simply change this to HTTP instead and reboot the phones. Once the new CFG is loaded reboot the phone after changing the DHCP option back to HTTPS.

 

If this fails look at the REST API and push the changed cert via that

 

Jun 05, 2018 Question: Do Poly Phones support a REST API?

Resolution: Please => here <=


Best Regards

Steffen Baier

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections
Message 2 of 4
0 Kudos
Reply
LRamos
Occasional Advisor
‎05-23-2022 09:48 AM
‎05-23-2022 09:48 AM

Re: Digicert Global Root CA is gone from CCX firmware

Thanks for getting the post out of the SPAM filter

 

All was in great shape and cool plug-and-use.

DHCP options on all locations, RPMR providing the configurations... until the day I renewed the certificate  and this new intermediate CA trashed my day.

Now we cannot factory reset a phone or it will not be able to connect to the RPRM (HTTP is out of the question for this customer CISO)

 

I have support for the phones, so I opened a case.

Message 3 of 4
0 Kudos
Reply
LRamos
Occasional Advisor
‎05-24-2022 06:21 AM
‎05-24-2022 06:21 AM

Re: Digicert Global Root CA is gone from CCX firmware

The most weird fix of all time.

After replacing the RPRM to the new certificate (provided by a new Intermediate CA from Digicert) the phones were not able to download the configurations and upload logs to the RPRM. The logs showed clearly a 'CA not trusted' and only worked if I manually add the Intermediate CA to the Phone.

 

I just uploaded the Intermediate CA that issue the old certificate to the RPRM and now the phones can connect to the RPRM and the logs show that they Trust the certificate issued by the new Intermediate CA....

Message 4 of 4
0 Kudos
Reply