We have two Ubuntu 20.04 servers both using Letsencypt via certbot, our polycom VVX SIP handsets fail TLS handshake to server with E6 issued cert but work just fine to R11.
Any ideas what could be the reason fo this?
Hard to know without more details and logs. Some things to try include using an RSA cert instead of an ECDSA one, and making sure that the ISRG Root X1 is correctly in the client's trust store.
6 Likes
Maybe it doesn't like p384 curve of E6?
4 Likes
Or ECDSA in general, but without knowing the algorithm of the end leaf certificate which was working fine with R11 as intermediate, we don't know I was just remembered that on the 6th of June when the new intermediates were enabled, the algorithm (RSA/ECDSA) is the same in end leaf cert and intermediate cert.
5 Likes
Hi, thanks for the responses. we modified the renewal .conf file to issue RSA instead of ECDSA over the last few days and the Polycom devices are now working correctly.
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.