Yealink Forums

Full Version: Error installing own server certificate
Hi,

I've created my own server certificates for several SIP-T46S according to the guide "Using Security Certificates on Yealink IP Phones_V80_96.pdf". That means I've created a *.pem file containing key+certificate and installed my company CA under "Trusted Certificates". With the T46S everything works fine, so if I access https://myt46s I see my own certificate. Exactly the same does not work for the newly bought W56P with all firmware updates applied. The certificate gets imported and listed under "Server Certificate", but after rebooting the phone, I still see the generic Yealink certificate.

Whenever I import my own server certificate, syslog prints the following line:

"LIBD[850]: DCMN<3+error > file can't be opened"

though correctly listed under "Security->Server Certificates"

As I've tried several combinations, did multiple factory resets and it still doesn't work, could you please check if there is an issue with own server certificate import on the latest firmware?

Thanks, flex
Has sb tried to add a server certificate already? Does it work for you?

Or should I simply open a ticket @yealink?
Dear Flex,
From your description, the CA was uploaded under "Trusted Certificates", but for W56P, it is uploaded under "Server Certificate". I think the "Trusted Certificates" is the right path to go. Would you please confirm this?

If it still doesn't work, please raise a ticket and provide the cert file and syslog with the following steps:
1. Export syslog to a log server (the log on the phone will be erased after reboot).
2. Upload the cert to the phone.
3. Log in to the web interface and take a screenshot of the cert list.
4. Reboot the device.
When the phone boots up, export the syslog and send it to us on the ticket.

Here is the FAQ about how to export syslog to server:
http://support.yealink.com/faq/faqInfo?id=313

Regards
Elaine
Hi,

I did the same for the W56P as for the T46S...

- place the company CA under 'Trusted Certificates'
- place the server cert under 'Server Certificates'

This doesn't work. I also tested with a self-signed certificate (and without my own CA)...without success.

Could somebody @yealink double check if there aren't issues with the latest firmware before I open a ticket? Seems like the better way to me.
(10-25-2017 07:17 AM) flex wrote:
Hi,

I did the same for the W56P as for the T46S...

- place the company CA under 'Trusted Certificates'
- place the server cert under 'Server Certificates'

This doesn't work. I also tested with a self-signed certificate (and without my own CA)...without success.

Could somebody @yealink double check if there aren't issues with the latest firmware before I open a ticket? Seems like the better way to me.

Hi Flex,
Local test cannot reproduce the issue. I upload a cert to Trusted Certificates/Server Certificates, save. After reboot, cert is still there. See attached picture.
Hi Elaine,

Thanks for your test. Could you also upload and boot from a newly created "Server Certificate" and check if this newly created cert is offered when you connect to your phone _after_ reboot (instead of the Yealink generic cert)? Because exactly here is where it stops working for me. I can:

- upload a Trusted Certificate and I see it after reboot in the GUI
- upload a Server Certificate and I see it after reboot in the GUI

but the Server Certificate is never offered when connecting via browser.
Any news on this?
(11-06-2017 08:20 AM) flex wrote: Any news on this?

Hi Flex,
"but the Server Certificate is never offered when connecting via browser." Here, do you mean that after you reboot the phone and connect to the web interface, the browser does not use the new cert for your HTTPS login?

If this is true, please upgrade to our latest V82 firmware, on which this is supported.
Firmware download link: http://download.support.yealink.com/down...2.0.20.rom

After the firmware upgrade, under the Server Certificate page, change Device Certificate to Custom. Then your newly created server cert will be used by the browser for HTTPS login.

Kindly have a test and share the result.

Regards
Elaine
Hi Elaine,

Are you sure V82 works with the W56P? Looks like the firmware image you provide is for the T4X version. At least...the update fails here.
It's still not working and seems like a firmware issue. Is a new firmware in the plans?

EDIT: I've opened a ticket.
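
Added example, not part of the original thread and not Yealink code: a way to check the symptom discussed above, i.e. whether the certificate the phone presents over HTTPS after reboot is the one in the uploaded key+certificate .pem file or still a different (generic) one. The function names are hypothetical, and it assumes the leaf certificate is the first CERTIFICATE block in the bundle.

```python
import hashlib
import re
import ssl
import sys

# Hypothetical helper names; assumes the leaf certificate is the first
# CERTIFICATE block in the uploaded key+certificate .pem bundle.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----")


def fingerprint(pem_cert):
    """SHA-256 over the DER encoding of one PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()


def inspect_bundle(bundle_text):
    """Summarise the uploaded .pem: key present, cert count, leaf hash."""
    certs = CERT_RE.findall(bundle_text)
    return {
        "has_key": bool(KEY_RE.search(bundle_text)),
        "cert_count": len(certs),
        "leaf_fingerprint": fingerprint(certs[0]) if certs else None,
    }


def served_matches(bundle_text, served_pem):
    """True if the certificate the phone presented is the uploaded one."""
    leaf = inspect_bundle(bundle_text)["leaf_fingerprint"]
    return leaf is not None and leaf == fingerprint(served_pem)


def fetch_served_cert(host, port=443):
    """Fetch the presented certificate without validating the chain, so a
    generic or self-signed device certificate can still be compared."""
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__" and len(sys.argv) >= 3:
    # Usage: python check_cert.py <bundle.pem> <phone-host>
    with open(sys.argv[1]) as fh:
        bundle = fh.read()
    served = fetch_served_cert(sys.argv[2])
    print("bundle:", inspect_bundle(bundle))
    print("served:", fingerprint(served))
    print("MATCH" if served_matches(bundle, served) else "MISMATCH")
```

Running it before the upload and again after the reboot shows whether the served fingerprint changed at all, which is useful evidence to attach to a ticket alongside the syslog.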