Hi Support,
I'd be grateful if someone could help me to answer SSL root CA questions below. I know there are multiple SSL cert posts and I tried to read them all, but I didn't find answer to these questions.
We are using latest version of Polycom UCS 5.4.1 firmware on Polycom VVX201 and VVX300. We're trying to provision it using HTTPS with Starfield Tech Root CA G2 on the provisioning server. But we're having issues with phone not connecting to the provisioning server (checking the server log).
When I check the phone log I get the usual SSL errors:
SSL_connect error Peer certificate cannot be authenticated with known CA certificates. SSL certificate problem, verify that the CA cert is OK. Details:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I checked the Polycom Trusted Certificate Authority List to make sure that our CA Starfield Tech root CA G2 is on the list and I can see it was added last year to firmware version 5.3.0. So in theory this should work just fine.
We didn't want to start uploading our own custom Root CA certificates onto the phone as we need to deploy 200+ phones and this is not feasible.
My questions are will the Polycom phone on firmware version 5.4.1 trust/support:
1. multiple wildcards in the CN - e.g. *.*.domain.com
2. wildcards not in the first fragment in the CN e.g. subdomain.*.domain.com
3. The same questions 1 & 2 for the SANs (Subject Alternative Names)
4. Can you confirm the thumbprint of the starfield root CA that's installed by Polycom out of the box?
The one we can see on Starfield root CA is Fingerprint=2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5
I wonder if that matches what Polycom added as well.
Thanks,
Patrik
