Yealink Forums
T48G v80 with 802.1X - Certificate chain error - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: T4x Series (/forumdisplay.php?fid=31)
+--- Thread: T48G v80 with 802.1X - Certificate chain error (/showthread.php?tid=26731)



T48G v80 with 802.1X - Certificate chain error - kris_k - 09-28-2016 09:52 AM

Hi,

We've bought a T48G to evaluate for deployment and so far cannot get the device to authenticate against the Cisco switches (3850's) using 802.1x. The phone is using firmware 35.80.0.130. The 802.1x related settings are as follows:

network.802_1x.identity = username
network.802_1x.md5_password = abc1234....
network.802_1x.mode = 3
network.802_1x.ca_file_name = Certificates.pem

This setting doesn't work either...
security.trust_certificates = 0

The pem file contains the intermediate and root cert of the public CA used for the radius cert. This cert chain is verified with the openssl cli tool. This chain also exists on the radius server and is correctly installed.

The radius server is NPS on Windows 2012R2. The event log contains the following error:
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 265
Reason: The certificate chain was issued by an authority that is not trusted.

As far as I can tell, this configuration should be fine for the phone. Is there something I'm missing?

Cheers,

Kris


RE: T48G v80 with 802.1X - Certificate chain error - Yealink_Michael - 10-29-2016 02:47 AM

Kris

thanks for your information .

for issue , please provide below information so that we can continue to analysis :

1. certificates you used for authentication .
2. phone side bin file , level 6 log file and pcap file , foe how to get them , please refer to below link :

http://forum.yealink.com/forum/showthread.php?tid=15529

thanks and looking forward to your reply