Child pages
  • TLS - HTTPS no longer works after upgrade from version 8.x to 10.x

Contents

This problem is related to Server Authentication.

In version 8.x, Snom phones do not verify server identities by default. You can activate the feature on the certificates page of the web interface.

As of version 10.x, to improve security requirements, Snom phones force the server identity verification. This verification cannot be disabled because that would create a security weakness for the Snom Phones.

In order for TLS/HTTPS to work:

  1. The server certificate must be trusted. If the certificate was not issued by a trusted CA, a warning will appear on the screen and you can then manually or automatically trust the certificate.
    See TLS Support#AddingUnknownCertificates

  2. The FQDN used to connect to the server must be present in the certificate presented by the server: either as CN in the subject field or listed in the IP/DNS fields of the Subject Alternative Names extension.
    See details here: check_fqdn_against_server_cert.

    Note: you can disable this check by setting check_fqdn_against_server_cert to "off", but please do this only as temporary solution as it is not recommended for security reasons.


In version 10.1.33.33 setting check_fqdn_against_server_cert cannot be disabled. This will be solved in the next release.