Can't get T2X to accept LetsEncrypt Certificate
Posted by mark@dark (Post #1)
Hi all

Testing on a T26P;
Firmware Version 6.73.0.50
Hardware Version 4.0.1.38

I have a LetsEncrypt FullChain key loaded into our SIP server.

OpenSSL doesn't seem to have a problem with the cert chain;

# openssl s_client -connect abc.def.com:5061 -no_ssl2 -bugs
...
subject=/CN=abc.def.com
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
...
Verify return code: 0 (ok)


So back on the phone. If I set "trusted certs only" to disabled on the phone it connects fine.

Turning "trusted certs only" to enabled fails as I'd expect, as it doesn't yet have the root certs for LetsEncrypt.

However, if I load either of the LetsEncrypt X3 Intermediate Certificates from https://letsencrypt.org/certificates/ into the Trusted Certificates on the phone, it still fails.

Looking at the phone logs it's seeing;

Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] SSL_is_init_finished done
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: subject:/CN=abc.def.com
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Jan 11 14:05:07 SIP [465]: SDL <3+error > [000] Failed to verify remote certificate
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] verification failure: unable to get local issuer certificate


So it's seeing the cert but doesn't seem to be matching it to the intermediate given in the web front end.



What have I missed?

I can't believe that nobody out there is using LetsEncrypt.

Cheers
Mark
01-11-2018 02:36 PM
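
The phone log quoted in the post above, run through a small parser that pairs each verification failure with the peer certificate's subject and issuer, which is useful when the same failure has to be found in syslog collected from many handsets. This is an added example, not part of the original post and not Yealink code; the line layout is an assumption inferred from the five lines quoted, and the function name is hypothetical.

```python
import re

# Line layout inferred from the log lines quoted in the post (an assumption, not a
# documented Yealink format): date, process, [pid], "SDL", <level+name>, [channel], message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<proc>\S+) \[(?P<pid>\d+)\]: SDL "
    r"<(?P<level>\d)\+(?P<name>\w+)\s*> \[(?P<chan>\d+)\] (?P<msg>.*)$"
)
CERT = re.compile(r"tls_connect: remote certificate: (subject|issuer):\s*(.+)")
REASON = re.compile(r"verification failure: (.+)")

# Sample input: the log excerpt from the post, verbatim.
SAMPLE = """\
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] SSL_is_init_finished done
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: subject:/CN=abc.def.com
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] tls_connect: remote certificate: issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Jan 11 14:05:07 SIP [465]: SDL <3+error > [000] Failed to verify remote certificate
Jan 11 14:05:07 SIP [465]: SDL <6+info > [000] verification failure: unable to get local issuer certificate
"""

def tls_verify_failures(text):
    """Return one dict per failed handshake: time, peer subject, peer issuer, reason."""
    state, failures = {}, []          # per-connection state, keyed by (pid, channel)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                  # line is not in the assumed layout; skip it
        msg = m["msg"]
        conn = state.setdefault((m["pid"], m["chan"]), {})
        if msg.startswith("SSL_is_init_finished"):
            conn.clear()              # new handshake: drop stale subject/issuer
        elif c := CERT.match(msg):
            conn[c[1]] = c[2].strip() # remember "subject" or "issuer"
        elif r := REASON.match(msg):
            failures.append({"time": m["ts"], "subject": conn.get("subject"),
                             "issuer": conn.get("issuer"), "reason": r[1].strip()})
            conn.clear()
    return failures

if __name__ == "__main__":
    for f in tls_verify_failures(SAMPLE):
        print(f"{f['time']}  peer={f['subject']}  issuer={f['issuer']}  -> {f['reason']}")
```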