Web User Interface
Phone User Interface
Initial Firmware Version
When on, the phone checks whether the FQDN of the server it is trying to connect to via TLS appears either as the CN in the subject field or in the IP/DNS fields of the Subject Alternative Names (SAN) extension of the certificate presented by the server. If the name/IP is not found, the certificate is rejected.
If the server has been entered in the phone settings as an IP address, this check will only accept the connection if the IP address is present in the IP field of the SAN. The certificate Common Name and DNS fields of the SAN will in this case be ignored.
The FQDN of the server the phone is trying to connect to is the server name on which the A record resolution is done. This means that if the server resolves via SRV+NAPTR to several hosts, the phone will choose one host and try to connect to it via TLS. This is the host name that the phone then compares with the CN or SANs of the certificate presented by the server.
The host name validation can be controlled with the setting host_name_validation_flags.
Note for version 8.x: This setting has no effect if TLS Server Authentication is turned off.
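The matching rules described above, written out as an added example; it is not the phone's firmware code. The function name host_matches_cert is hypothetical, the certificate is a dictionary shaped like the output of Python's ssl.getpeercert(), and exact case-insensitive name comparison (no wildcard handling) is an assumption, since the page does not describe wildcards.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def host_matches_cert(configured_host, cert):
    """Apply the described check to a cert dict shaped like ssl.getpeercert()."""
    sans = cert.get("subjectAltName", ())
    target_ip = _as_ip(configured_host)
    if target_ip is not None:
        # Server entered as an IP address: only SAN IP entries count;
        # the Common Name and SAN DNS entries are ignored.
        return any(kind == "IP Address" and _as_ip(value) == target_ip
                   for kind, value in sans)
    # Server entered as a name: accept a match in SAN DNS entries or the CN.
    names = [value for kind, value in sans if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [value for key, value in rdn if key == "commonName"]
    wanted = configured_host.rstrip(".").lower()
    return any(name.rstrip(".").lower() == wanted for name in names)

# Constructed sample certificates (documentation-reserved names and addresses).
CERT_PROXY1 = {
    "subject": ((("commonName", "sip.example.test"),),),
    "subjectAltName": (("DNS", "proxy1.example.test"),
                       ("IP Address", "192.0.2.10")),
}
CERT_IP_IN_CN_ONLY = {
    "subject": ((("commonName", "192.0.2.20"),),),
    "subjectAltName": (("DNS", "192.0.2.20"),),
}

if __name__ == "__main__":
    # proxy2 stands for a second SRV target that the certificate does not list.
    for host, cert in [("sip.example.test", CERT_PROXY1),
                       ("proxy2.example.test", CERT_PROXY1),
                       ("192.0.2.10", CERT_PROXY1),
                       ("192.0.2.20", CERT_IP_IN_CN_ONLY)]:
        print(host, "accepted" if host_matches_cert(host, cert) else "rejected")
```

When SRV+NAPTR resolution yields several hosts, each host the phone may select needs its own entry in the certificate, which is why proxy2.example.test is rejected here.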
UC Edition and Version 10.x
Non-UC Edition and Version 8.x