Hello, I got  a lot of soundpoint phones with ucs 4.0.15.1009. According to the relevant ucs admin guide this Version of the software should accept my server certificates which are issued by comodo. The chain of trust in my case goes like this:

my.server.name > Sectigo RSA Domain Validation Secure Server CA > USERTrust RSA Certification Authority > AAA Certificate Services

But the phones ssl-error on trying to reach the provisioning server with the message that validation of the certs would fail.

To be sure I got everything else right, I manually installed the 'AAA Certificate Services' root certificate in one phone as platform CA 1. After  this it worked like expected.

To be sure what we are talking about here: 'AAA Certificate Services' is the CN of the subject of the root certificate I'm talking about, and I can verify that my server certificate chain is ultimately signed by that. You can find it easily by googling.

So my question is: Why are my server certificates not trusted by default, since the ucs admin guide says that the 'AAA Certificate Services' root is trusted?

greetings,

Stefan