Hello,
We use DHCP (66) HTTPS URL for provisioning and initial configuration of SPA303 phones.
When Client Verification is enabled - the phones fail to authenticate to the web server and provisioning fails. It works perfectly when Client Verification is disabled. Debug logs and SSL traffic sniffing revealed only that the phones fail to authenticate properly with the built-in certificates to the server.
The server certificate passes validation (Cisco issued), however, since no full CA chain is available from Cisco - we can't be completely sure it's valid.
Server side is Apache, the SSL conf is as follows:
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.cert
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.key
SSLProtocol All -SSLv2
SSLVerifyClient require
SSLCACertificatePath /usr/local/apache2/conf/ssl/conf/ssl/
SSLCACertificateFile /usr/local/apache2/conf/ssl/conf/ssl/combinedca.crt
Could it be a problem with the server conf or certificate(s) issue?
PS.
We followed those to obtain the certs:
https://supportforums.cisco.com/docs/DOC-9852
https://supportforums.cisco.com/docs/DOC-12709
Any ideas appreciated!