I have a Polycom Browser application I'd like to expose via SSL on our fleet of VVX 500s. The server uses certficates supplied by StartSSL. This includes and intermediate and a root SSL. I added both of those to the Platform CA slots. This seemed to get rid of debug errors indicating the certificate root wasn't trusted.
However, I am unable to get past this:
0303175825|brow |4|00|Browser has encountered a SSL error [Id:22]The host name did not match any of the valid hosts for this certificate
0303175825|brow |4|00|[SSL handshake failed] - [https://api.xyz.com/custom/parkingorbit/index.xhtml]
When I validate the certificate URL using an external service (such as http://www.sslshopper.com/ssl-checker.html), I get the correct Host Name / SAN on the certificate. The page also displays just fine on other browsers.
Yet nothing I can do seems to clear the error on the VVX phones, which displays as "SSL/TLS handshake failed".
Any ideas on how I may be able to resolve this?
Hello joshelson ,
I would suggest to lower the "brow" and "curl" log level to 2 and then repeat the test and check the logs.
Polycom Global Services
I am running PolycomVVX-VVX_500-UA/220.127.116.1107. I couldn't find any known issues with this version that would affect SSL CA root processing.
This is NOT a wildcard certificate, though I do use several alternate names in the certificate. The CN= name is the root of the URL I am trying to access.
I will turn down the debug and give it another shot and report back.
I turned up brow and curl to give me most information. All I got was the same:
0304194429|brow |4|00|Browser has encountered a SSL error [Id:22]The host name did not match any of the valid hosts for this certificate
0304194429|brow |4|00|[SSL handshake failed] - [https://api.xxx.com/custom/parkingorbit/index.xhtml]
Any other ideas on what might cause this? Or any other things I can do to resolve?
Hello joshelson ,
the next official step is to raise this with your Polycom reseller to bring it to the attention of Polycom support.
If this is not possible please follow up the instructions within my signature.
Browser has encountered a SSL error [Id:22]The host name did not match any of the valid hosts for this certificate
[SSL handshake failed] - [https://api.xyz.com/custom/parkingorbit/index.xhtml]
As you have probably noticed in a normal web browser by now that the DNS part or IP address of the URL used to access the webpage must exactly match one of the certificates alternate names. So if the phone is accessing the webpage via an IP address, but the IP address is not in the certificate, this error would be raised.
Yes, i know this is very old.