Yealink Forums
SHA1 certificates: A BIG problem - Printable Version

+- Yealink Forums (
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Auto Provisioning (/forumdisplay.php?fid=14)
+--- Thread: SHA1 certificates: A BIG problem (/showthread.php?tid=13523)

SHA1 certificates: A BIG problem - lonvoice - 03-24-2016 09:50 PM

Ok, as Yealink will be aware I'm sure, it is no longer possible to get SHA1 certificates through the usual CAs. This is a BIG problem for our installed base out there, as the vast majority of handsets cannot accept SHA256 certificates.

I appreciate that there is a guide on how to disable the trusted certificates manually on the phone, or upgrade the firmware but this does not help us. And this is not autoprovisioning!

Yealink handsets have a Yealink CA loaded into them by default, so it stands to reason that Yealink can generate certificates for RPS servers. I have contacted Yealink UK and they seem to agree that this is possible, but are quoting long delays as the request will need to go via China.

This is an urgent issue for us as we need to renew the certificate on our RPS server, and we have a customer (the first of many, I'm sure) who is trying to restore the config on one of his phones.

We need a fix for this URGENTLY. Yealink have a duty to assist in this situation! Please advise!!

RE: SHA1 certificates: A BIG problem - Klaus_Yealink - 03-25-2016 01:56 AM


We are very worried about your issue,and I will FW your infomation to my colleage,he will help you ASAP.



RE: SHA1 certificates: A BIG problem - innovot - 03-31-2016 04:04 PM

+1 as we are in the same position. We are having to consider using HTTP until this problem is resolved which is a complete failure from a security perspective. Do hope Yealink come up with a solution very quickly indeed.

RE: SHA1 certificates: A BIG problem - bsanders - 04-06-2016 10:13 PM

Support please advise on status of this.