Howto:Fix a Device with a self-signed Device Certificate

Applies To

This information applies to

More Information

Problem Details

innovaphone devices that have been shipped prior to the release of V7.00 do not have a device certificate which is derived from innovaphone's CA. Instead, a self-signed certificate is created automatically for such devices. You will observe that this device has only a certificate for itself in the Device certificate list in the General / Certificates tab. A device with an official device certificate will also have a certificate called innovaphone Device Certification Authority in the list.

In some cases, such self-signed certificates may be rejected by a browser with a message to the effect that there is already another certificate with the same serial number present (e.g. error code sec_error_reused_issuer_and_serial in Firefox). Depending on the browser, it may then not be possible to establish a TLS (i.e. HTTPS) connection to this device.


To fix this situation, go to General / License and follow the link. You should see a message like Your IPxxx does not have a device certificate on it.. Click on the Download Certificate button to retrieve an official device certificate.

Known Problems

innovaphone telephone certificates cannot be fixed by this way

Your account must have the permission to create a new device certificate. If your account does not have the right (you may simply try it to find out), it can be granted upon request only, so please request it only if you have a real problem with the certificate!

Your box must be able to reach innovaphone's server and do resolve this DNS name.

You will probably first see a message Server certificate rejected. To fix this, go to the General / Certificates tab and Trust the AAA Certificate Services and * certificates listed under Rejected certificates.

The device must be yours. So it needs to be listed in one of the projects available to the account you specified in the Config account section.

