Settings/check fqdn against server cert

From Snom User Wiki

WEB USER INTERFACE
n/a
PHONE USER INTERFACE
n/a
FIRMWARE VERSIONS
V8  
Starting versions: 8.8.3.26
XML CONFIGURATION
<check_fqdn_against_server_cert perm="PERMISSIONFLAG">VALIDVALUE</check_fqdn_against_server_cert>
DESCRIPTION
When on, the phone checks whether the FQDN of the server it is trying to connect to via TLS appears either as the CN in the subject field or among the IP/DNS names of the Subject Alternative Names extension of the certificate presented by the server. If the name is not found, the certificate is rejected. Note: This setting has no effect if TLS Server Authentication is turned off. The host name validation can be controlled with the setting Settings/host_name_validation_flags.
The FQDN of the server it is trying to connect to is the server name on which the A record resolution is done. This means that if the server resolves via SRV+NAPTR to several hosts, the phone will choose one host and try to connect to it via TLS. This is the host name that the phone will then compare with the CN or SANs from the certificate presented by the server.
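The following added example (not Snom firmware code and not part of the original wiki page) is a provisioning-time check of which SRV target hosts would fail the comparison described above. It assumes exact, case-insensitive name matching with no wildcard handling, and takes the certificate as a dict in the format returned by Python's `ssl.SSLSocket.getpeercert()`; the host names and certificate contents are constructed sample values.

```python
import ipaddress


def _norm(name):
    """Lower-case a host name, drop a trailing dot, canonicalise IP literals."""
    name = name.strip().lower().rstrip(".")
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name  # not an IP literal, keep as DNS name


def names_in_cert(cert):
    """Collect the subject CN values and the SAN DNS/IP entries."""
    names = set()
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(_norm(value))
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.add(_norm(value))
    return names


def fqdn_matches(host, cert):
    """True if the host the A record lookup is done on appears in the cert.
    Assumption: exact match only; the phone's real matching rules are set
    by host_name_validation_flags and may differ."""
    return _norm(host) in names_in_cert(cert)


def unmatched_targets(srv_targets, cert):
    """Return the SRV targets the certificate would be rejected for."""
    return [h for h in srv_targets if not fqdn_matches(h, cert)]


# Constructed sample: the SIP domain is example.com, SRV points at two hosts,
# but the certificate only names the domain and the first host.
SRV_TARGETS = ["sip1.example.com", "sip2.example.com"]
CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "sip1.example.com"), ("IP Address", "192.0.2.10")),
}

if __name__ == "__main__":
    for host in unmatched_targets(SRV_TARGETS, CERT):
        print("certificate does not cover SRV target:", host)
```

Here the certificate names the SIP domain but not `sip2.example.com`, so a phone that selects that SRV target would reject the certificate when the setting is on.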
VALIDVALUE
on | off
DEFAULTVALUE
UC Edition and Version 10.x
on
Non-UC Edition and Version 8.x
off
FURTHER INFORMATION
TLS