[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
wildcard certificate failing to be accepted with "only accept trusted certificates"
Author Message
kg4ysy Offline
Member
***

Posts: 65
Joined: May 2013
Reputation: 2
Post: #1
wildcard certificate failing to be accepted with "only accept trusted certificates"
I have been using a self-signed cert and it has been working great with four different models of Yealink phones. I am now trying to use a wildcard certificate from GoDaddy and running into problems. The certificate will be accepted if I do not enable "Only Accept Trusted Certificates", but if I enable it, the lines will not register. I have uploaded the CA cert given to me by GoDaddy in addition to the GoDaddy root certificate and even the certificate itself to the Trusted Certificate store. I have the level 6 log and the certificates if needed for troubleshooting. I'm not sure what to do. I have tried everything I could. It works fine with my self-signed cert (not a wildcard) and CA, but not with my wildcard cert. Any thoughts?

Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect (read done)
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_connect succeeded
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] SSL_is_init_finished done
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: subject:/OU=Domain Control Validated/CN=*.REMOVED.com
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
Mar 10 00:30:50 SIP [371]: SDL <3+error > [000] Failed to verify remote certificate
Mar 10 00:30:50 SIP [371]: SDL <6+info > [000] verification failure: self signed certificate in certificate chain
03-10-2016 08:32 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Klaus_Yealink Offline
Super Moderator
******

Posts: 180
Joined: Jul 2015
Reputation: 0
Post: #2
RE: failing to be accepted with "only accept trusted certificates"
Hi,

would you please tell me what's the firmware does this phone run?

if your phone can upgrade to v80(x.80.0.x),please upgrade the firmware first,then test again.

BR

klaus
03-10-2016 06:38 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
kg4ysy Offline
Member
***

Posts: 65
Joined: May 2013
Reputation: 2
Post: #3
wildcard certificate failing to be accepted with "only accept trusted certificates"
This example is from a W52 which are the only phones that use TLS in my organization. There isn't a V80 firmware for those yet on your website. I also have T38s and T32s which don't have V80 either.

I did try this on a T46 running 28.80.0.95 and ran into the same problem. I didn't see any log entries for SSL, TLS, or cert so I'm not sure what to look for.
03-10-2016 09:15 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
kg4ysy Offline
Member
***

Posts: 65
Joined: May 2013
Reputation: 2
Post: #4
wildcard certificate failing to be accepted with "only accept trusted certificates"
I have now repeated this on a T32, a T46, and a W52 all with the latest firmware. My browser has the same CA certs and it accepts the certificate. The debug log on the phone just says that it can't verify the cert. Is there any chance I can send you the certs and you guys can tell me what is wrong? It could be a cert problem, but I'm not sure what it could be since my browser accepts it.
03-14-2016 11:37 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
kg4ysy Offline
Member
***

Posts: 65
Joined: May 2013
Reputation: 2
Post: #5
wildcard certificate failing to be accepted with "only accept trusted certificates"
Any chance I can get some help on this? We switched away from a self-signed cert so we could get around having to worry about the CA. I really need to figure out why these phones are accepting the certificate.
03-29-2016 10:16 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  LDAPS Issue with Lets Encrypt Certificates rcmcdonald91 0 2,391 10-12-2020 05:57 PM
Last Post: rcmcdonald91
  Can't get T2X to accept LetsEncrypt Certificate mark@dark 0 3,131 01-11-2018 02:36 PM
Last Post: mark@dark
  Yealink secure certificates and disabling ciphers Scot E. 1 4,956 12-29-2017 03:40 AM
Last Post: Lucia_Yealink
  Inconditional Forward Failing. warawara 1 4,446 10-01-2016 01:06 AM
Last Post: Kevin_Yealink
  certificate Paulo Batista 1 3,997 03-29-2016 05:08 AM
Last Post: Karl_Yealink
  Yealink v80 series Client Certificate Problem mehmetozi 2 6,765 12-02-2015 02:50 PM
Last Post: mehmetozi
  802.1x Certificate for PEAP clvgk 1 5,370 07-23-2015 08:01 AM
Last Post: James_Yealink
  SIP-T22P failing to register carlyle 3 10,803 06-25-2015 09:50 AM
Last Post: James_Yealink
  OpenVPN connection to Elastix failing l4telcom 6 21,611 03-01-2014 09:55 AM
Last Post: Yealink Support

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication