1. If you have an admin account, you can simply download the Root CA from the sipX ECS web interface.
Login to the web interface and go to:
System / Certicates / Certificate Authorities
Given that the FQDN for sipX is pbx.mydomain.com, the root CA will be named ca.pbx.mydomain.com.crt.
Download this file and save it to the root folder of a web server in your LAN.
If you do not have a local web server, you can ask the Linux administrator to copy the Root CA
to the web root of the sipXecs web interface.
Example: cp /etc/sipxbpx/ssl/authorities/ca.pbx.mydomain.com.crt /var/sipxdata/configserver
2. On your Polycom handset, go to
Menu / Settings / Advanced
Enter your password. If you haven't changed this in the past, the default Polycom password is "456".
3. Once you have entered the Advanced Settings, press the Ok button to proceed to the Admin Settings.
Use the scroll down arrow and look for the item
SSL Security
then drill down to
CA Certicates / Install Custom CA Certificate
4. You will be prompted to enter the http URL where you stored the CA. Enter the URL using the keypad.
Example: http://192.168.1.10/ca.pbx.mydomain.com.crt
or
http://pbx.mydomain.com/ca.pbx.mydomain.com.crt
Depending on whether you installed it in the LAN web server or the sipXecs doc root
5. The Polycom phone would now download the root CA and will ask you to accept it. After accepting the certicate
it will instantly get installed as your custom polycom certificate.
6. Press the Left arrow twice and go to
Configure CA Certificates
Choose the first item in the list
"Custom Certificate"
7. Lastly configure Polycom SIP Settings to use TLS as the transport and change the port to 5061.
Enjoy TLS!