Yealink Forums

wildcard certificate failing to be accepted with "only accept trusted certificates"
I have been using a self-signed cert and it has been working great with four different models of Yealink phones. I am now trying to use a wildcard certificate from GoDaddy and running into problems. The certificate will be accepted if I do not enable "Only Accept Trusted Certificates", but if I enable it, the lines will not register. I have uploaded the CA cert given to me by GoDaddy in addition to the GoDaddy root certificate and even the certificate itself to the Trusted Certificate store. I have the level 6 log and the certificates if needed for troubleshooting. I'm not sure what to do. I have tried everything I could. It works fine with my self-signed cert (not a wildcard) and CA, but not with my wildcard cert. Any thoughts?

Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect (read done)
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect succeeded
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_is_init_finished done
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: subject:/OU=Domain Control Validated/CN=*.REMOVED.com
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
Mar 10 00:30:50 SIP [371]: SDL <3+error > [000] Failed to verify remote certificate
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] verification failure: self signed certificate in certificate chain
Hi,

Would you please tell me what firmware this phone runs?

If your phone can upgrade to v80 (x.80.0.x), please upgrade the firmware first, then test again.

BR

klaus
This example is from a W52 which are the only phones that use TLS in my organization. There isn't a V80 firmware for those yet on your website. I also have T38s and T32s which don't have V80 either.

I did try this on a T46 running 28.80.0.95 and ran into the same problem. I didn't see any log entries for SSL, TLS, or cert so I'm not sure what to look for.
I have now repeated this on a T32, a T46, and a W52 all with the latest firmware. My browser has the same CA certs and it accepts the certificate. The debug log on the phone just says that it can't verify the cert. Is there any chance I can send you the certs and you guys can tell me what is wrong? It could be a cert problem, but I'm not sure what it could be since my browser accepts it.
Any chance I can get some help on this? We switched away from a self-signed cert so we could get around having to worry about the CA. I really need to figure out why these phones are accepting the certificate.
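
Added example, not part of the thread and not Yealink code: the log's "self signed certificate in certificate chain" matches OpenSSL's verify error 19, which is raised when the chain received ends in a self-signed certificate that the trust store does not hold. The script below reproduces that verdict off the phone with a constructed root, intermediate and wildcard leaf; it assumes the phone verifies the way the `openssl` CLI does, and every name in it is made up.

```bash
#!/usr/bin/env bash
# Added example. Every name, key and certificate here is constructed.
set -eu

issue() {  # issue <name> <subject> <issuer> <extension section>
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -extfile pki.cnf -extensions "$4" -days 2 -out "$1.pem" 2>/dev/null
}

build_pki() {  # root -> int -> wildcard leaf, plus an unrelated CA named "other"
  cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.example.test
EOF
  for ca in root other; do
    openssl req -x509 -config pki.cnf -extensions ca -newkey rsa:2048 -nodes \
      -keyout "$ca.key" -out "$ca.pem" -subj "/CN=Constructed $ca CA" -days 2 2>/dev/null
  done
  issue int "/CN=Constructed Intermediate CA" root ca
  issue leaf "/CN=*.example.test" int leaf
  cat int.pem root.pem > sent-by-server.pem   # chain as a server might send it
}

verify_with() {  # verify_with <trust store PEM>: print openssl's verdict
  openssl verify -CAfile "$1" -untrusted sent-by-server.pem leaf.pem 2>&1 || true
}

cd "$(mktemp -d)"
build_pki
echo "Trust store lacks the root the chain ends in:"; verify_with other.pem
echo "Trust store holds the root the chain ends in:"; verify_with root.pem
```

Against a real server, `openssl s_client -connect <host>:<port> -showcerts` prints the chain the server actually sends, which can then be compared with the certificates uploaded to the phone's trusted store.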