Yealink Forums
wildcard certificate failing to be accepted with "only accept trusted certificates" - Printable Version




wildcard certificate failing to be accepted with "only accept trusted certificates" - kg4ysy - 03-10-2016 08:32 AM

I have been using a self-signed cert and it has been working great with four different models of Yealink phones. I am now trying to use a wildcard certificate from GoDaddy and running into problems. The certificate will be accepted if I do not enable "Only Accept Trusted Certificates", but if I enable it, the lines will not register. I have uploaded the CA cert given to me by GoDaddy in addition to the GoDaddy root certificate and even the certificate itself to the Trusted Certificate store. I have the level 6 log and the certificates if needed for troubleshooting. I'm not sure what to do. I have tried everything I could. It works fine with my self-signed cert (not a wildcard) and CA, but not with my wildcard cert. Any thoughts?

Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect (read done)
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect succeeded
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_is_init_finished done
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: subject:/OU=Domain Control Validated/CN=*.REMOVED.com
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
Mar 10 00:30:50 SIP [371]: SDL <3+error > [000] Failed to verify remote certificate
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] verification failure: self signed certificate in certificate chain
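
The following is an added example, not part of the original post or of any Yealink tooling: a small triage script that reads log lines in the format quoted above, pairs each "verification failure" with the certificate subject and issuer logged just before it, and reports what the OpenSSL reason string says about the trust store. The sample log, the example.com names and the function name triage are constructed for illustration.

```python
import re
# Constructed sample in the format of the level 6 log quoted in the post.
P = "Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] "
SAMPLE_LOG = "\n".join([
    P + "SSL_connect succeeded",
    P + "tls_connect: remote certificate: subject:/OU=Domain Control Validated/CN=*.example.com",
    P + "tls_connect: remote certificate: issuer: /C=US/O=Example CA/CN=Example Issuing CA",
    "Mar 10 00:30:50 SIP [371]: SDL <3+error > [000] Failed to verify remote certificate",
    P + "verification failure: self signed certificate in certificate chain",
])

# OpenSSL verify reason strings and what each one says about the trust store.
REASONS = {
    "self signed certificate in certificate chain":
        "chain ends in a self-signed root that is not in the trusted store",
    "self signed certificate":
        "peer certificate is itself self-signed and not in the trusted store",
    "unable to get local issuer certificate":
        "an issuer is missing from both the presented chain and the trusted store",
    "certificate has expired": "a certificate in the chain is past its notAfter date",
}

LINE = re.compile(r"SDL <\d\+\w+\s*> \[\d+\] (.*)$")
FIELD = re.compile(r"tls_connect: remote certificate: (subject|issuer):\s*(.*)")

def triage(log_text):
    """Return one finding per 'verification failure' line in the log."""
    findings, cert = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        msg = m.group(1) if m else ""
        field = FIELD.match(msg)
        if field:
            cert[field.group(1)] = field.group(2)
        elif msg.startswith("verification failure: "):
            # OpenSSL 3.x spells these reasons "self-signed"; normalise to the older form.
            reason = msg.split(": ", 1)[1].strip().replace("self-signed", "self signed")
            cn = re.search(r"CN=([^/]+)", cert.get("subject", ""))
            findings.append({
                "subject_cn": cn.group(1) if cn else None,
                "wildcard": bool(cn and cn.group(1).startswith("*.")),
                "issuer": cert.get("issuer"),
                "reason": reason,
                "meaning": REASONS.get(reason, "unrecognised reason, check manually"),
            })
            cert = {}
    return findings
```

Calling triage() on a saved syslog export returns a list of dictionaries, one per failed verification, which can be compared against the certificates actually loaded in the phone's trusted store.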


RE: failing to be accepted with "only accept trusted certificates" - Klaus_Yealink - 03-10-2016 06:38 PM

Hi,

Would you please tell me what firmware this phone runs?

If your phone can upgrade to v80 (x.80.0.x), please upgrade the firmware first, then test again.

BR

klaus


wildcard certificate failing to be accepted with "only accept trusted certificates" - kg4ysy - 03-10-2016 09:15 PM

This example is from a W52, which is the only phone model that uses TLS in my organization. There isn't a V80 firmware for those yet on your website. I also have T38s and T32s, which don't have V80 either.

I did try this on a T46 running 28.80.0.95 and ran into the same problem. I didn't see any log entries for SSL, TLS, or cert so I'm not sure what to look for.


wildcard certificate failing to be accepted with "only accept trusted certificates" - kg4ysy - 03-14-2016 11:37 PM

I have now repeated this on a T32, a T46, and a W52 all with the latest firmware. My browser has the same CA certs and it accepts the certificate. The debug log on the phone just says that it can't verify the cert. Is there any chance I can send you the certs and you guys can tell me what is wrong? It could be a cert problem, but I'm not sure what it could be since my browser accepts it.


wildcard certificate failing to be accepted with "only accept trusted certificates" - kg4ysy - 03-29-2016 10:16 PM

Any chance I can get some help on this? We switched away from a self-signed cert so we could get around having to worry about the CA. I really need to figure out why these phones are accepting the certificate.