Wiki

WebPhone NS engine localhost certificate issue


WebPhone builds released between May 11 and July 23 were affected by a Comodo certificate issue.

The problem were fixed in the latest version of the webphone released at July 24, 2017 by a revalidated new certificate.

Details:

As you might know, the webphone NS engine uses a localhost certificate to enable the communication between the browser and the local NS engine (installed on enduser PC). 

Unfortunately the TLS certificate used here were revoked due to a bug in Comodo certificate management.

The problem was not related with our company as this bug where affected all Comodo customers who purchased a certificate from them between 3 May and 11 May and unfortunately we also made the purchase in this time frame.

Please note that this issue is affecting only webphone instances using the NS engine and only in some browsers (Firefox is affected for sure. Chrome seems to accept the old certificate).

This was the official answer for our certificate provider:

On 18th July 2017, Comodo revoked all affected orders from 3rd May - 11th May. All that orders were replaced on 12th May. If order is Active, than just reinstall latest files to your server, if processing, you need complete validation process.

The history of the problem: As you may know, Comodo services were down for 20-hours starting at 7.00pm (UTC+3) on 10th May 2017 till 3:00pm (UTC+3) on 11th May. Unfortunately, Comodo lost all orders from 3rd MAY 15:19:00(UTC+3) to 11th MAY. They replaced all that orders on during 12th May adding extra 90 days as a compensation to all affected orders. All affected orders should be re-validated and re-installed. On the first days, they told us that NONE lost SSL certs will be revoked and customers may use existing certificates. However, on 18th July, they revoked all lost orders and as a result thousands of customers were affected. There is nothing we can do, as all orders were replaced on 12th June and must be used. We hope that is the first and the last incident with such awful results. 

We had a complete trust in our certificate as Comodo is a well-known reputable company and their certificates are used by numerous big companies, however we were in the unfortunate position to be hit by this issue.

These kind of issues are apparently very rare among certificate providers and we hope that we will never ever run into similar issue. We also plan to add auto TLS certificate upgrade capability for the webphone to avoid any similar issues in the future.

Please contact us for a new webphone build if this issues is causing issues for you and you haven't received an upgrade yet.

After the upgrade, if you wish the new NS engine to be offered for your customers, you should set the "minserviceversion" webphone parameter to 14 (you can add paraneter this to the webphone_api.js file in the parameter list section at the beginning of the file: minserviceversion: 14).

For instant changes on your PC, you can also manually re-install the NS engine by launching the the WebPhoneService_Install.exe from the webphone\native folder.



 |  View Topic History  |