Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7730
Views
8
Helpful
7
Replies

8851 Getting Server Certificate Error

Martin Jefferson
Level 4
Level 4

‎05-11-2016 12:20 PM - edited ‎03-17-2019 06:06 PM

I have an 8851 I upgraded to 11.0.1 and when I enter the Spark Activation Code I get "Server certificate validation failed" and the status logs shows "invalid server certifacte:idbroker.webex.com".  anyone seen this and have a fix?

Labels:
7 Replies 7

jgiambo
Cisco Employee
Cisco Employee

‎05-11-2016 12:26 PM

I have seen this error on earlier alpha versions of the firmware however never on the production version.  This error is caused by the phone not being able to verify the certificate of the Spark Identity management system.  (idbroker.webex.com)

This could be caused by a Man in the Middle HTTP proxy changing the certificate being presented by the spark service. 

If you need help we are available 24/7 by phone. 

US Toll Free – 1-844-772-7524 or 1-844-SPARK-24

International Direct Dial – 408-906-1107

0 Helpful

Paul Anholt
Cisco Employee
Cisco Employee

‎05-11-2016 12:44 PM

Martin,

This can be caused by an NTP issue. The cert for idbroker.webex.com has a validity start date of Thursday, April 9, 2015 at 8:00:00 PM Eastern Daylight Time, and without NTP the phones will have a time set some time in November 2015.

The phones have a fallback NTP server of "0.tandberg.pool.ntp.org" so you can check whether NTP is being blocked to that address.

The other option is to assign an NTP server via dhcp option 42.

-Paul

Martin Jefferson
Level 4
Level 4
In response to Paul Anholt

‎05-11-2016 12:47 PM

Not a time issue.  The time on the phone is correct?

0 Helpful

Chad Patterson
Cisco Employee
Cisco Employee
In response to Martin Jefferson

‎05-11-2016 01:05 PM

Martin,

It's possible the activation code you are using is no longer valid. If that is the case, the phone will show the server validation error message you are seeing. Can you generate a new activation code and try that?

-Chad

0 Helpful

Martin Jefferson
Level 4
Level 4

‎05-11-2016 01:34 PM

The issue was where I was generating the activation code.  It's an 8851 and I was using the Device Page to activate it.  I needed to use the User Page instead.  Didn't think it would make that big a difference.  Apparently it does.

0 Helpful

nofxcasey
Spotlight
Spotlight

‎11-09-2016 02:20 PM

We got past this by doing an 'all settings' reset on the device.

0 Helpful

shrudixi
Cisco Employee
Cisco Employee

‎11-11-2016 02:39 AM

This issue occurs because the website certificate has multiple trusted certification paths on the web server. To work around this issue, delete or disable the certificate from the certification path that you do not want to use.

Customers Also Viewed These Support Documents