SPA303 Provisioning over SSL with Client Verification problem

Hello,

We use DHCP (66) HTTPS URL for provisioning and initial configuration of SPA303 phones.

When Client Verification is enabled - the phones fail to authenticate to the web server and provisioning fails. It works perfectly when Client Verification is disabled. Debug logs and SSL traffic sniffing revealed only that the phones fail to authenticate properly with the built-in certificates to the server.

The server certificate passes validation (Cisco issued), however, since no full CA chain is available from Cisco - we can't be completely sure it's valid.
Server side is Apache, the SSL conf is as follows:

SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:+MEDIUM

SSLCertificateFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.cert

SSLCertificateKeyFile /usr/local/apache2/conf/ssl/conf/ssl/pserv.dom.com.key

SSLProtocol All -SSLv2

SSLVerifyClient require

SSLCACertificatePath /usr/local/apache2/conf/ssl/conf/ssl/

SSLCACertificateFile /usr/local/apache2/conf/ssl/conf/ssl/combinedca.crt

Could it be a problem with the server conf or certificate(s) issue?

PS.

We followed those to obtain the certs:

https://supportforums.cisco.com/docs/DOC-9852

https://supportforums.cisco.com/docs/DOC-12709

Any ideas appreciated!

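One way to test the CA bundle side of the configuration above, as an added example that is not part of the original post: it reproduces offline the chain check that `SSLVerifyClient require` depends on, using throwaway certificates. The CA names, the `demo-phone` certificate and the helper functions are constructed for illustration; only the file name `combinedca.crt` is taken from the post.

```shell
#!/bin/sh
# Added example with constructed data; none of these certificates are Cisco's.
# Under "SSLVerifyClient require", Apache accepts a client certificate only if
# it chains to a CA found via SSLCACertificateFile / SSLCACertificatePath.
# openssl verify performs the same chain check against a bundle file.

# check_client_cert BUNDLE CERT: prints "ok" if CERT chains to a CA in BUNDLE,
# otherwise prints "fail" and returns 1.
check_client_cert() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
        return 1
    fi
}

# make_demo DIR: creates two throwaway CAs and a client certificate issued
# by the first one (all constructed, valid for one day).
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Client CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-phone" \
        -keyout "$1/phone.key" -out "$1/phone.csr" 2>/dev/null
    openssl x509 -req -in "$1/phone.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/phone.crt" 2>/dev/null
}

work=$(mktemp -d)
make_demo "$work"

# Bundle that lacks the client's issuing CA: the handshake would be rejected.
cat "$work/other.crt" > "$work/missing.crt"
# Bundle that includes the issuing CA alongside the unrelated one.
cat "$work/other.crt" "$work/ca.crt" > "$work/combinedca.crt"

echo "bundle without issuer: $(check_client_cert "$work/missing.crt" "$work/phone.crt")"
echo "bundle with issuer:    $(check_client_cert "$work/combinedca.crt" "$work/phone.crt")"
echo "certificates in combinedca.crt: $(grep -c 'BEGIN CERTIFICATE' "$work/combinedca.crt")"
```

The same `check_client_cert` call can be pointed at the server's real bundle and a PEM copy of the certificate a client presents; a "fail" there means the bundle does not contain the CA chain that issued that certificate.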