Yealink Forums - Unable to establish secure connection with CUCM

Hello community,

I am trying to deploy W56 phone with CUCM using TLS/SSL between them.
Disabling SSL the phone registers and works just fine. But when I enable secure communication I can't get the phone to register. TLS handshake can't be established.
I've done a packet capture and what I see is that we have the client and server Hello and the server requests certificate. Then the phone sends its own certificate, but the CUCM server rejects it with "Unknown CA" error.

My question is how to get the phone certificate and upload it in CUCM so I can make CUCM trust the phone? Or am I doing something wrong here? Is there someone who has this kind of setup? I would appreciate any help!

Regards!

HI Georgi，

For your problem, you can upload your server certificate mannualy on phone WUI to solve this issue.
Please refer to the picture attach to upload the file.
[attachment=4951]

Best Regards,
Lucia

(04-17-2018 03:33 AM)Lucia_Yealink Wrote: [ -> ]HI Georgi，

For your problem, you can upload your server certificate mannualy on phone WUI to solve this issue.
Please refer to the picture attach to upload the file.

Best Regards,
Lucia

Hello Lucia,

I did upload the server certificate of CUCM to the phone in the Trusted Certificate section. The phone still sends the "support@yealink.com" signed certificate and CUCM rejects it.
Is there a way to make the phone use exactly the certificate I uploaded and not its own?

Thank you for your help!
Regards,
Georgi

HI Georgi，

Please send the certificate, the level 6 syslog, config.bin and PCAP when you reproduce the issue to us.
Refer to the FAQ below to collect the files:
http://support.yealink.com/faq/faqInfo?id=707

BR
Lucia