BYOC Edge TLS Handshake Failure During Zendesk Voice Migration

What is the reason the Genesys Cloud BYOC edge is failing to establish a secure connection with our on-premise SIP trunks during the Zendesk Talk migration? We are moving our voice infrastructure from Zendesk Talk to Genesys Cloud, leveraging a Bring Your Own Cloud setup on AWS EU-West-1. The edge node is deployed and registered, but the SIP trunk configuration in the Admin console shows a ‘Connection Failed’ status.

Here are the environment details:

  • Genesys Cloud Region: EU1
  • BYOC Edge Version: 22.10.0.15
  • Underlying Infrastructure: AWS EC2 (t3.medium) in eu-west-1a
  • Zendesk Source: Zendesk Talk (SIP Trunking)
  • Error Code: TLS Handshake Failed (Error 4015)

The issue seems to be specific to the TLS negotiation phase. When we test the trunk connection in the Genesys Admin portal, the diagnostic tool returns a 4015 error after 5 seconds. The Zendesk Talk integration worked perfectly with our existing SIP provider, so we know the credentials and IP allowlists are correct. However, the Genesys Edge logs show that the certificate chain is being rejected.

We have mapped the Zendesk ticket-to-interaction data correctly, and the digital channels are migrating without issue. The problem is strictly isolated to the voice component. We have verified that the CA certificates are uploaded to the Genesys Edge configuration, and the private key matches the certificate. Despite this, the edge refuses to complete the handshake.

Is there a specific certificate format or trust store configuration required for BYOC edges that differs from the standard Zendesk Talk setup? We are struggling to understand why the Genesys Edge is stricter than the Zendesk SIP proxy. Any insights on resolving this TLS mismatch would be greatly appreciated. We need to get the voice channels live before our cutover next week.
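
A local way to test the two claims in the post above (the private key matches the certificate, and the chain verifies against the uploaded CAs), as an added example that is not part of the original post and is not Genesys or Zendesk tooling. It builds a constructed root, intermediate and leaf with `openssl` and shows that the leaf verifies only when the intermediate is supplied alongside the root; all file names, subject names and function names are hypothetical.

```shell
#!/bin/sh
# Added example. All keys, certificates, names and paths are constructed test data.

new_key_csr() {  # $1=dir  $2=file stem  $3=subject CN
  openssl req -new -config "$1/ca.cnf" -subj "/CN=$3" -newkey rsa:2048 -nodes \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

sign_csr() {  # $1=dir  $2=subject stem  $3=issuer stem  $4...=extra x509 options
  d=$1 s=$2 i=$3; shift 3
  openssl x509 -req -in "$d/$s.csr" -CA "$d/$i.pem" -CAkey "$d/$i.key" \
    -CAcreateserial -days 1 -out "$d/$s.pem" "$@" 2>/dev/null
}

# Build root -> intermediate -> leaf in directory $1.
make_demo_pki() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf" &&
  openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca -subj "/CN=Constructed Root" \
    -newkey rsa:2048 -nodes -keyout "$1/root.key" -out "$1/root.pem" -days 1 2>/dev/null &&
  new_key_csr "$1" int "Constructed Intermediate" &&
  sign_csr "$1" int root -extfile "$1/ca.cnf" -extensions v3_ca &&
  new_key_csr "$1" leaf "trunk.example.test" &&
  sign_csr "$1" leaf int
}

# True only when the certificate's public key equals the private key's public half.
key_matches_cert() {  # $1=certificate  $2=private key
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$c" = "$k" ]
}

# True only when cert $2 chains to trust anchor $1; $3 = optional intermediate bundle.
chain_verifies() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null | grep -q ': OK$'
}

dir=$(mktemp -d) && make_demo_pki "$dir"
key_matches_cert "$dir/leaf.pem" "$dir/leaf.key" && echo "leaf key matches leaf certificate"
key_matches_cert "$dir/leaf.pem" "$dir/int.key" || echo "wrong key detected"
chain_verifies "$dir/root.pem" "$dir/leaf.pem" || echo "root only: chain rejected"
chain_verifies "$dir/root.pem" "$dir/leaf.pem" "$dir/int.pem" && echo "root + intermediate: chain verifies"
rm -rf "$dir"
```

Against a live trunk, the same `chain_verifies` check can be run on the certificates printed by `openssl s_client -showcerts`.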