installing domain certificate breaks provisioning


i successfully installed a domain certificate on our pbx.

navigating to http://voice.domain.com shows a valid certificate for the domain

 

now all the phones though report: Provisioning Server Failed…

i guess this has something to do with the certificate not installed on each phone.

 

i was under the assumption if the settings url is http and not https this should work

http://voice.domain.com/provisioning/snom760.htm

 

what is the recommended procedure?

 

thanx

Link to comment
Share on other sites

when i logged into the phone it told me that it tried to provision over https and that this is something which could be a security issue.

sorry my wording :(

 

On the Snom M9 I had similar issues and a quick and dirty (but not very secure with regards to possible MITM attacks) workaround was to tell the phones to provision via https but accept all certs without trying to check their validity.

 

You could try that temporarily if your endpoints have that option - just to get back up and running and confirm it is a certificate issue.

Link to comment
Share on other sites


yeah i know but there should be a better option no?

Link to comment
Share on other sites

There is a client side of it and a server side.

 

On the client side, the general rules of trusting the server apply. The server has to be in the list of trusted Root CA. The best solution is to use a certificate that is issued by one of the generally trusted CA, so that you can also use https from your browser. By default the snom phones don't verify the server; if you want to make sure that there is no hanky panky going on you have to change that policy before provisioning the device. In the first provisioning you can actually change that policy, so that subsequent requests will verify the certificate.

 

For the server, the question is "who are you?". Certificate-based authentication works very nicely when the phones have a client certificate installed; however for snom that is only the case for 7xx, 8xx and the m9 devices. For 3xx devices, all devices have the same certificate :-/ so you cannot trust them and instead have to set up username and password for automatic provisioning.

Link to comment
Share on other sites
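
Added example, not part of the thread and not Snom or PBX code: a Python check, run from a workstation, that performs the verification a phone does once it is set to check the provisioning server, and names the likely cause when it fails. `voice.domain.com` is the thread's placeholder host; the function names and the cause wording are this example's own, and with `ca_file=None` the workstation's trust store stands in for the phone's trusted CA list.

```python
import socket
import ssl

# OpenSSL verify codes a provisioning client is most likely to hit.
CAUSES = {
    10: "server certificate has expired",
    18: "self-signed server certificate, not in the trust list",
    19: "chain ends in a root CA that is not in the trust list",
    20: "issuing CA missing from the trust list, or server omits an intermediate",
    62: "certificate does not cover the host name in the settings URL",
}

def explain(verify_code):
    """Map an OpenSSL verify code to the likely provisioning problem."""
    return CAUSES.get(verify_code, f"verification failed (OpenSSL code {verify_code})")

def client_context(verify=True, ca_file=None):
    """TLS policy of the client: verifying, or the 'accept all certs' workaround."""
    # ca_file=None loads the system trust store; a phone uses its own CA list.
    ctx = ssl.create_default_context(cafile=ca_file)
    if not verify:
        ctx.check_hostname = False       # must be switched off before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE  # any certificate passes: MITM goes unnoticed
    return ctx

def check_server(host, port=443, ca_file=None, timeout=5.0):
    """Handshake with verification on; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = client_context(True, ca_file)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, "verified, issued by " + issuer.get("commonName", "unknown")
    except ssl.SSLCertVerificationError as err:
        return False, explain(err.verify_code)
    except OSError as err:  # refused, timeout, DNS failure, non-TLS port
        return False, f"connection failed: {err}"

if __name__ == "__main__":
    # Placeholder host name taken from the thread.
    print(check_server("voice.domain.com"))
```

Passing the PEM file of a private CA as `ca_file` shows whether phones that trust only that CA would accept the server.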
