07-07-2011 02:23 AM
I have a customer who is developing a login/logout applicaton for their SSIP 5k & 7k. Now they have the following issues/questions:
They are trying to browse to an SSL-protected site from the SSIP 5000 phone’s microbrowser.
What they have done
They followed the instructions contained within that certificates bulletin (17877) and created a self-signed CA certificate. They then installed it to the phone’s CA list as described and that worked successfully. They created a pfx from the certificate so that they could install in IIS and SSL-enable the website.
When they browse to the site using Internet Explorer and the site displays correctly with no errors or warnings.
When they browse to the site using the phone microbrowser they get a browser error:
SSL certificate problem, verify that the CA cert is ok.
Details: error 14090086:SSL routines
SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
A trace in Wireshark shows the client and server hello succeed, then comes the TLS fatal alert with bad Certificate as the description.
So it looks as though my CA certificate is wrong somehow even though the same process works fine with a different browser.
Are there any known issues using a custom certificate installed to the phone’s CA list from the microbrowser?
Thanks in advance
07-07-2011 02:28 AM
welcome to the Polycom Community.
The phone is supporting TLS and a custom certificate that is usually used for HTTPS Provisioning.
As far as I am aware mutual TLS on Micro Browser is currently not supported.
Please raise this as a feature request via https://jira.polycom.com/secure/CreateIssue.jspa?os_username=jiraguest&os_password=polycom&pid=10240...
Polycom Global Services