Quantcast
Channel: All VoIP / SIP Phones posts
Viewing all articles
Browse latest Browse all 13863

Re: How to disable CA certificate validation by IP Phones?

$
0
0

Hi Steffen Baier,

The link to the givn thread is already solved. I did accept the solution for the thread however for further comments down in the thread, "accept as solution" option does not come.
we found some workaroud and and that is why we did not raise any ticket. (I cant recall the workaroud at this point).

Answering you questions inline below:

For your new issue what is it that you are trying to archive?
[Arvind] Our provisioning server runs only on HTTPS. For the phones to accept HTTPS provisioning url, we need to install provisioning server's certificte in phone's CA which We dont want to do in all the phones. Thats why we want to diable server's ceritificate authorization in the phone.


What Phone models are you after this for this feature?
[Arvind] We are using SPIP450, VVX500.

The only place for something similar can be found Settings > Network > TLS > TLS Applications > Common Name Validation
[Arvind] I have tried disabling this for both SIP and Provisioning but it still TLS handshake failure with follwoing error.

 

SSL_connect error SSL connect error.error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure



In this thread, you have suggested that strictCertCommonNameValidation Parameter(Common Name Validation) which will only ignore the commonName/ SubjectAltName verification on server certificate in the SIP TLS negotiation and will not disable the CA validation.
So it seems according to what i understand is disabling Common Name Validation will not disable CA validation in phone.

Please let me know if there is a way to achieve this.
Thanks,
Arvind


Viewing all articles
Browse latest Browse all 13863

Latest Images

Trending Articles



Latest Images

<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>