12-01-2015, 09:24 PM
Hi,
I have a problem with my sip server and new yealink phones.
I was using v60 version phones before. Noq I am using new t2x series phones with v80x firmware.
But When I try to use TLS I was getting Unknown CA problem. I looked at the problem and saw thet new phones sending client certicate and because it is self signed, my server does not verify it.
According to Using_Security_Certificates_Yealink_IP_Phones_V80_60 documents I can not delete these device or unique certificates. And there is not any phone option as do not send phone certificate. Plus I can not change my server to verify if exists to do not verify even the client has certificate.
I have tried to decode client certificate from wireshark and converted der format to pem and hashed it via openssl. Then copied this client certificate to appropriate place on my system. But this did not even work.
Also in the same document it is written to create a custom certificate, but I can not deploy to every phone for every customer.
I was thinking to replace yealink phones with new ones. But why do I have to change my server certificate settings ,why yealink forces me sth like that? I can no afford that.
Is there any easy way for that?
Please inform me about this.
I have a problem with my sip server and new yealink phones.
I was using v60 version phones before. Noq I am using new t2x series phones with v80x firmware.
But When I try to use TLS I was getting Unknown CA problem. I looked at the problem and saw thet new phones sending client certicate and because it is self signed, my server does not verify it.
According to Using_Security_Certificates_Yealink_IP_Phones_V80_60 documents I can not delete these device or unique certificates. And there is not any phone option as do not send phone certificate. Plus I can not change my server to verify if exists to do not verify even the client has certificate.
I have tried to decode client certificate from wireshark and converted der format to pem and hashed it via openssl. Then copied this client certificate to appropriate place on my system. But this did not even work.
Also in the same document it is written to create a custom certificate, but I can not deploy to every phone for every customer.
I was thinking to replace yealink phones with new ones. But why do I have to change my server certificate settings ,why yealink forces me sth like that? I can no afford that.
Is there any easy way for that?
Please inform me about this.