VVX Series & SCEP over HTTPS

jemkey · ‎05-11-2025

Hi,

Do the Poly VVX series support SCEP over HTTPS? For example, most cloud PKI providers (like Scepman, Keytos etc) use HTTPS for their SCEP URL.

When attempting to use an HTTPS url for SCEP, the initial connection is successful and it downloads the SCEP CA certificate (which can be seen under "Auto Prov CA" and "Certificates installed with the help of SCEP").

On the next step it submits the SCEP request and appears to fail to connect to the server as it looks like its trying to only use the SCEP CA certificate to verify the cert (in the case of the log below scep.msappproxy.net is using a Digicert CA cert) rather than using the other CA certificates built into the phone. Is this because the "Auto Prov Profile" only looks at this cert?

Current phone firmware: 6.3.1.11465

0511173955|scep |*|00|ScepCurlInterface::CurlRequest  Hostname  = scep.msappproxy.net => dns addr = 98.x.x.x.x, 
0511173955|scep |1|00|CURLINFO   : About to connect() to scep.msappproxy.net port 443 (#0)
0511173955|scep |1|00|CURLINFO   :   Trying 98.x.x.x... 
0511173955|scep |1|00|CURLINFO   : Connected to scep.msappproxy.net (98.x.x.x) port 443 (#0)
0511173955|scep |1|00|CURLINFO   : successfully set certificate verify locations:
0511173955|scep |1|00|CURLINFO   :   CAfile: /ffs0/scepcafile.crt
0511173955|scep |1|00|CURLINFO   : SSLv3, TLS Unknown, Unknown (22):
0511173955|scep |1|00|CURLINFO   : SSLv3, TLS handshake, Client hello (1):
0511173955|scep |1|00|CURLINFO   : SSLv2, Unknown (22):
0511173955|scep |1|00|CURLINFO   : SSLv3, TLS handshake, Server hello (2):
0511173955|scep |1|00|CURLINFO   : SSLv3, TLS handshake, CERT (11):
0511173955|scep |1|00|CURLINFO   : SSLv2, Unknown (21):
0511173955|scep |1|00|CURLINFO   : SSLv3, TLS alert, Server hello (2):
0511173955|scep |1|00|CURLINFO   : SSL certificate problem, verify that the CA cert is OK. Details:
0511173955|scep |1|00|CURLINFO   : Closing connection #0
0511173955|scep |1|00|CURLINFO   : Peer certificate cannot be authenticated with known CA certificates
0511173955|scep |4|00|ScepCurlInterface::CurlRequest error result 60 httpResCode 0
0511173955|scep |5|00|scepLIB: reading outer PKCS#7
0511173955|scep |5|00|scepLIB: error reading PKCS#7 data
0511173955|scep |5|00|pkcs7_unwrap failes with error = 97
0511173955|scep |5|00|displayScepWarningMsg  97 
0511173955|scep |1|00|ScepEventHandler Event GETPKCSREQFAIL
0511173955|scep |4|00|ScepEnrollmentInprogress::onPKCSReqFail PKCSReq failed

Thanks for any help!

Mark

SteffenBaierUK · ‎05-12-2025

Hello @jemkey ,

Your post was marked as Spam and had to be manually released.

This is usually an automated process based on some post content, or a manual process when Community rules are violated.

The Software you are using is unsupported and outdated, and we cannot spend time as volunteers to try and troubleshoot this.

If no other volunteers reply, I suggest you contact our Support organization in your region. Details are in my Signature.

Best regards

Steffen Baier

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN

Create an account on the HP Community to personalize your profile and ask a question