Polycom
Polycom SIP TLS with custom CA
The config files below show how to add a custom CA certificate (customCaCert1) to a Polycom phone for use with SIP TLS registration.
file: ca.cfg
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- PlcmConversionCreatedFile version=1.2 converted=Mon Feb 3 15:31:47 2014 -->
<!-- $Polycom Revision: 1.67 $ $Date: 2005/03/11 17:05:46 $ -->
<!-- certificate below is the Skyhawk CA 2020 public root certificate -->
<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">
<device.sec.TLS device.set="1"
device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----
MIIDQzCCAiugAwIBAgIJALTIzl8d4AGkMA0GCSqGSIb3DQEBCwUAMBoxGDAWBgNV
BAMMD1NreWhhd2sgQ0EgMjAyMDAgFw0yMDAzMjAwMTI2MzNaGA8yMDcwMDMwODAx
MjYzM1owGjEYMBYGA1UEAwwPU2t5aGF3ayBDQSAyMDIwMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAplKHp7M3VO4ZGChecOlvaq8I/JOyK7L0/a/naoKp
Q3aP32V8vyK3vZFFeHbyniWcAjwSBXPsOdy2qZcEP5ukXYW8qDl3VB4nb1K/uJk/
U8pEsfKJJ1s/YEvNIoRndnnr2EWa4olH0Ec9G+mxFAsmw3i1T2wrqnaIiBv8VJpA
muJtHdzFySzqxd8Wox7WkVxC2l/PUooB1XiUIK9WOoBRE00z03vILxf7ZGnCjbGd
C1PRVWmTr6PqPHd/Ern47NLmMchJClTEweYweYtw843qfR1WN/wn8ftNrruOPoAA
bOSOF0M4Zm/yTT4qb3n8CX7T9EZg7mA6tjYqvPKsp7rGrQIDAQABo4GJMIGGMB0G
A1UdDgQWBBTWRFxu293dJmwS0RXun/U7teQDrDBKBgNVHSMEQzBBgBTWRFxu293d
JmwS0RXun/U7teQDrKEepBwwGjEYMBYGA1UEAwwPU2t5aGF3ayBDQSAyMDIwggkA
tMjOXx3gAaQwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEL
BQADggEBAGSwOk7FKJyEcrlh4SXOnS6oLYKYM1u+uymX65Ur3WwJC6+TlBNy6joy
0786NwCZ8Cb7fdOeYC5n89Zb7rNuCGj89N5fHhgjCxJo5mbgcTYLWLE3zp8+rfhC
Q0iKK29dy9qTNTwBiBhmLZWhIJc2W+sPtANqvSGLoIbsTEp6Ktwp77B5mkaLkh09
eAf/yY7CDgDLihYQ8J2FsCeyw2jVAQZXZLHBNNkCHytAKtZqQC/tbe7aPIpAImZn
G5CJ0uKvhOjWckrFWMxMBtgB5pUoAvG/6UTyqU+N4elULVmg4wvi+bf4+gR2aN7p
UGD4YP6SHFz4LsoXH10YZd1znXa1anI=
-----END CERTIFICATE-----">
<device.sec.TLS.customCaCert1
device.sec.TLS.customCaCert1.set="1">
</device.sec.TLS.customCaCert1>
</polycomConfig>
file: phone-prefixXXYYY.cfg
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- PlcmConversionCreatedFile version=1.2 converted=Fri Apr 25 12:00:24 2014 -->
<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">
<msg>
<msg.mwi msg.mwi.1.callBack="9YYY" msg.mwi.1.callBackMode="contact" />
</msg>
<reg reg.1.address="prefixXXYYY" reg.1.displayName="YYY" reg.1.label="YYY" reg.1.ringType="ringer3" reg.2.ringType="ringer3" reg.3.ringType="ringer3" reg.4.ringType="ringer3" reg.5.ringType="ringer3" reg.6.ringType="ringer3">
<reg.1.auth reg.1.auth.password="SuperSecretPassword" reg.1.auth.userId="prefixXXYYY" />
<reg.1.server reg.1.server.1.address="pbx.url.com" reg.1.server.1.port="5061" reg.1.server.1.transport="TLS"/>
</reg>
</polycomConfig>
file: [MAC].cfg
<?xml version="1.0" standalone="yes"?>
<APPLICATION APP_FILE_PATH="sip.ld" CONFIG_FILES="phone-prefixXXYYY.cfg, sip.local.cfg, ca.cfg" MISC_FILES="http://pbx.url.com/polycom-checkcfg.cfg" LOG_FILE_DIRECTORY="pcip/" OVERRIDES_DIRECTORY="pcip/" CONTACTS_DIRECTORY="pcip/" LICENSE_DIRECTORY="license/" USER_PROFILES_DIRECTORY="pcip/" CALL_LISTS_DIRECTORY="pcip/" COREFILE_DIRECTORY="pcip/">
<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip_213.ld" CONFIG_FILES_SPIP300="phone-prefixXXYYY.legacy.cfg, phone1_213.cfg, sip.local-legacy.cfg, sip_213.cfg"/>
<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip_213.ld" CONFIG_FILES_SPIP500="phone-prefixXXYYY.legacy.cfg, phone1_213.cfg, sip.local-legacy.cfg, sip_213.cfg"/>
<APPLICATION_SPIP301 APP_FILE_PATH_SPIP301="sip_318.ld" CONFIG_FILES_SPIP301="phone-prefixXXYYY.legacy.cfg, phone1_318.cfg, sip.local-legacy.cfg, sip_318.cfg"/>
<APPLICATION_SPIP320 APP_FILE_PATH_SPIP320="sip_335.ld" CONFIG_FILES_SPIP320=""/>
<APPLICATION_SPIP330 APP_FILE_PATH_SPIP330="sip_335.ld" CONFIG_FILES_SPIP330=""/>
<APPLICATION_SPIP430 APP_FILE_PATH_SPIP430="sip_327.ld" CONFIG_FILES_SPIP430="phone-prefixXXYYY.legacy.cfg, phone1_327.cfg, sip.local-legacy.cfg, sip_327.cfg"/>
<APPLICATION_SPIP501 APP_FILE_PATH_SPIP501="sip_318.ld" CONFIG_FILES_SPIP501="phone-prefixXXYYY.legacy.cfg, phone1_318.cfg, sip.local-legacy.cfg, sip_318.cfg"/>
<APPLICATION_SPIP600 APP_FILE_PATH_SPIP600="sip_318.ld" CONFIG_FILES_SPIP600="phone-prefixXXYYY.legacy.cfg, phone1_318.cfg, sip.local-legacy.cfg, sip_318.cfg"/>
<APPLICATION_SPIP601 APP_FILE_PATH_SPIP601="sip_318.ld" CONFIG_FILES_SPIP601="phone-prefixXXYYY.legacy.cfg, phone1_318.cfg, sip.local-legacy.cfg, sip_318.cfg"/>
<APPLICATION_SPIP670 APP_FILE_PATH_SPIP670="sip_408.ld" CONFIG_FILES_SPIP670=""/>
<APPLICATION_SSIP4000 APP_FILE_PATH_SSIP4000="sip_318.ld" CONFIG_FILES_SSIP4000="phone-prefixXXYYY.legacy.cfg, phone1_318.cfg, sip.local-legacy.cfg, sip_318.cfg"/>
<APPLICATION_SSIP6000 APP_FILE_PATH_SSIP6000="sip_408.ld" CONFIG_FILES_SSIP6000=""/>
<APPLICATION_SSIP7000 APP_FILE_PATH_SSIP7000="sip_408.ld" CONFIG_FILES_SSIP7000=""/>
</APPLICATION>
References: