Digicert Global Root CA is gone from CCX firmware

Occasional Advisor

Digicert Global Root CA is gone from CCX firmware

We use a Poly RPRM to provision our phones,

They are running the firmware versionx - 7.1.x

We renewed the expiring RPRM certificate with the Intermediate DigiCert TLS RSA SHA256 2020 CA1 (serial 06d8d904d5584346f68a2fa754227ec4) signed by the DigiCert Global Root CA (serial 083be056904246b1 a1756ac95991c74a).

And now the phones stopped trusting the SubCA and are unable to upload logs and download the configurations.

The current workaround is to manual access the phone WebUI and upload the SubCA



Message 1 of 4
Polycom Employee & Community Manager

Re: Digicert Global Root CA is gone from CCX firmware

Hello @LRamos ,

Your post ended up in the Spam Filter so it was moved here. 


Do you use a DHCP option to point the phones to RPRM?


If yes simply change this to HTTP instead and reboot the phones. Once the new CFG is loaded reboot the phone after changing the DHCP option back to HTTPS.


If this fails look at the REST API and push the changed cert via that


Jun 05, 2018 Question: Do Poly Phones support a REST API?

Resolution: Please => here <=

Best Regards

Steffen Baier


If official support is required please check how to phone or open a case here

The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.


⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓SIGNATURE ⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓
Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
Please also ensure you always check the VoIP , Video Endpoint , Microsoft Voice , PSTN or other FAQ's in the different sections
Message 2 of 4
Occasional Advisor

Re: Digicert Global Root CA is gone from CCX firmware

Thanks for getting the post out of the SPAM filter


All was in great shape and cool plug-and-use.

DHCP options on all locations, RPMR providing the configurations... until the day I renewed the certificate  and this new intermediate CA trashed my day.

Now we cannot factory reset a phone or it will not be able to connect to the RPRM (HTTP is out of the question for this customer CISO)


I have support for the phones, so I opened a case.

Message 3 of 4
Occasional Advisor

Re: Digicert Global Root CA is gone from CCX firmware

The most weird fix of all time.

After replacing the RPRM to the new certificate (provided by a new Intermediate CA from Digicert) the phones were not able to download the configurations and upload logs to the RPRM. The logs showed clearly a 'CA not trusted' and only worked if I manually add the Intermediate CA to the Phone.


I just uploaded the Intermediate CA that issue the old certificate to the RPRM and now the phones can connect to the RPRM and the logs show that they Trust the certificate issued by the new Intermediate CA....

Message 4 of 4