Document ID: 108605
Updated: Dec 12, 2008
This article is one in a series to assist in the setup, troubleshooting, and maintenance of Cisco Small Business products (formerly Linksys Business Series).
Q. I am unable to authenticate to an HTTPS server using the SPA2102, SPA3102, and SPA9000. What is the problem?A.
The client certificates on some SPA2102, SPA3102, and SPA9000 devices manufactured between November 15, 2005 and June 15, 2006 were installed incorrectly. This defect affects the HTTPS provisioning feature.
The devices with incorrect certificates will fail client authentication with an HTTPS server.
This defect, however, does NOT affect proper functionality of the devices, including HTTPS server authentication, all telephony functions, remote firmware upgrades, and TFTP and HTTP based provisioning. Secure provisioning can be performed by transmitting encrypted provisioning files via TFTP or HTTP. The encrypted voice function is also not affected.
Some, but not all, of the devices in the following ranges of serial numbers have incorrect client certificates:
Range of Serial Numbers
FM500F100000 - FM500F699999
?FM600F100000 - FM600F699999
FM700F100000 - FM700F699999
If your device has this flaw, and the device needs to be remotely provisioned, you may take one of the following actions:
- Use HTTP or TFTP based provisioning with encrypted provisioning profiles.
- Use HTTPS provisioning with:
- server authentication enabled,
- client authentication disabled, or
- encrypted provisioning profiles (encrypted via the Linksys SPC tool or openssl).
Devices with correctly installed client certificates are currently available.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.