+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Configuration (/forumdisplay.php?fid=24)
+--- Thread: Yealink v80 series Client Certificate Problem (/showthread.php?tid=11643)
Yealink v80 series Client Certificate Problem - mehmetozi - 12-01-2015 09:24 PM
Hi,
I have a problem with my sip server and new yealink phones.
I was using v60 version phones before. Noq I am using new t2x series phones with v80x firmware.
But When I try to use TLS I was getting Unknown CA problem. I looked at the problem and saw thet new phones sending client certicate and because it is self signed, my server does not verify it.
According to Using_Security_Certificates_Yealink_IP_Phones_V80_60 documents I can not delete these device or unique certificates. And there is not any phone option as do not send phone certificate. Plus I can not change my server to verify if exists to do not verify even the client has certificate.
I have tried to decode client certificate from wireshark and converted der format to pem and hashed it via openssl. Then copied this client certificate to appropriate place on my system. But this did not even work.
Also in the same document it is written to create a custom certificate, but I can not deploy to every phone for every customer.
I was thinking to replace yealink phones with new ones. But why do I have to change my server certificate settings ,why yealink forces me sth like that? I can no afford that.
Is there any easy way for that?
Please inform me about this.
RE: Yealink v80 series Client Certificate NightMare - Yealink_Michael - 12-02-2015 06:09 AM
hi
sorry for the inconvenience
for this situation , you can try below two solutions :
1. disable the "Only Accept Trusted Certificates"
web page path : Security -> Trusted Certificates -> Only Accept Trusted Certificates
you can also disable it through auto provision , sentence below :
security.trust_certificates = 0
for how to auto provision , please refer to the guide download from below link :
http://support.yealink.com/attachmentDownload/download?path=upload%2Fattachment%2F2015-7-13%2F3%2Fd9edb38a-80c2-4649-ae20-8001126b8219%2FYealink_SIP-T2+Series_T19%28P%29+E2_T4+Series_IP_Phones_Auto_Provisioning_Guide_V80_60.pdf
2. use one of the 30 build-in certificates as the certificate of your server . for more details, please refer to the FAQ below
http://support.yealink.com/faq/faqInfo?id=2
TKS & BR
Michael
RE: Yealink v80 series Client Certificate NightMare - mehmetozi - 12-02-2015 02:50 PM
Hi,
Thanks for your reply.
But my real problem is sending the client certificate by new yealink phones to my server.
Because my server is verifying client if it has certificate. In older yealink phones, they were not sending client certificate . So I did not have any problem.
Now I have this problem with large deploys.
Could you please advice a way to fix this problem?
Regards