Extract CA cert from Debian 9 for Polycom phone

I used the dehydrated script in fusionpbx to create my cert. According to Polycom, I need to get
A PFX, P7B, or single certificate file that you’ve saved on your computer or a PEM-format encoded text that you received in an e-mail or on a secure web page.

The phone has a place to upload the cert in the networking/ssl section. I just need to know which one to get and where it is.

A TCP dump shows this:

root@sprov:/etc/nginx# tcpdump -vvvv -nn port 443
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

15:25:25.947746 IP (tos 0x0, ttl 52, id 15888, offset 0, flags [DF], proto TCP (6), length 60)
98.1xxx4.56131 > 138xxxx163.443: Flags [S], cksum 0x8184 (correct), seq 2770706625, win 5840, options [mss 1460,sackOK,TS val 3055313 ecr 0,nop,wscale 4], length 0
15:25:25.947808 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
138xxx.1xx3.443 > 98.xxxxx.56131: Flags [S.], cksum 0xedf7 (incorrect -> 0x0a6e), seq 3314253466, ack 2770706626, win 28960, options [mss 1460,sackOK,TS val 8574985 ecr 3055313,nop,wscale 7], length 0
15:25:25.979988 IP (tos 0x0, ttl 52, id 15889, offset 0, flags [DF], proto TCP (6), length 52)
98xxxxx4.56131 > 138.xxxxx443: Flags [.], cksum 0xa8e9 (correct), seq 1, ack 1, win 365, options [nop,nop,TS val 3055317 ecr 8574985], length 0
15:25:26.117502 IP (tos 0x0, ttl 52, id 15890, offset 0, flags [DF], proto TCP (6), length 264)
98xxxxxxx.56131 > 138.xxxxx.163.443: Flags [P.], cksum 0x08a2 (correct), seq 1:213, ack 1, win 365, options [nop,nop,TS val 3055330 ecr 8574985], length 212
15:25:26.117572 IP (tos 0x0, ttl 64, id 40052, offset 0, flags [DF], proto TCP (6), length 52)
138xxxxx163.443 > 98.1xxxxxxx131: Flags [.], cksum 0xedef (incorrect -> 0xa860), seq 1, ack 213, win 235, options [nop,nop,TS val 8575027 ecr 3055330], length 0

Hi @jacksprat

I don't know how that works.

But Letsencrypt gives you a certificate in pem format to download.

So you should find and use it.

1 Like

Thank you. Just trying to figure out exactly where the pem format cert is.

According to their documentation, there should have been a certs for folder created for the new certificates.
Try:
find / -name certs

[It may find more than one]
Then do:
ls -l {each of them}

[the names should be like the domain requested]