Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1003
Views
0
Helpful
0
Replies

SPA303 Provisioning over SSL with Client Verification problem

makini
Level 1
Level 1

‎11-18-2012 09:33 AM - edited ‎03-21-2019 06:37 AM

Hello,

We use DHCP (66) HTTPS URL for provisioning and initial configuration of SPA303 phones.

When Client Verification is enabled - the phones fail to authenticate to the web server and provisioning fails. It works perfectly when Client Verification is disabled. Debug logs and ssl traffic sniffing revealed only that the phones fail to authenticate properly with the built-in certificates to the server.

The server certificate passes validation (Cisco issued), however, since no full CA chain is availible from Cisco - we can't be completely sure it's valid.
Server side is Apache, the SSL conf is as follows:

SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:+MEDIUM

SSLCertificateFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.cert

SSLCertificateKeyFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.key

SSLProtocol All -SSLv2

SSLVerifyClient require

SSLCACertificatePath /usr/local/apache2/conf/ssl/conf/ssl/

SSLCACertificateFile /usr/local/apache2/conf/ssl/conf/ssl/combinedca.crt

Could it be a problem with the server conf or certificate(s) issue?

PS.

We followed those to obtain the certs:

https://supportforums.cisco.com/docs/DOC-9852

https://supportforums.cisco.com/docs/DOC-12709

Any ideas appriciated!

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents