New Forum system requires email address which you used to apply for your account to replace your original username. Password stays the same.Please see this post for more details
http://forum.yealink.com/forum/showthread.php?tid=40344

Yealink Test Club has been officially launched. Please visit post below to get detail information. Come and join us!
http://forum.yealink.com/forum/announcements.php?aid=18

We just had the YMCS online and we are also working on the features plan on the future versions, in this regard we are need to hear your voice about the YMCS.
Please visit : http://forum.yealink.com/forum/showthread.php?tid=42322


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Yealink v80 series Client Certificate Problem
Author Message
mehmetozi Offline
Junior Member
**

Posts: 2
Joined: Aug 2015
Reputation: 0
Post: #1
Yealink v80 series Client Certificate Problem
Hi,

I have a problem with my sip server and new yealink phones.
I was using v60 version phones before. Noq I am using new t2x series phones with v80x firmware.
But When I try to use TLS I was getting Unknown CA problem. I looked at the problem and saw thet new phones sending client certicate and because it is self signed, my server does not verify it.
According to Using_Security_Certificates_Yealink_IP_Phones_V80_60 documents I can not delete these device or unique certificates. And there is not any phone option as do not send phone certificate. Plus I can not change my server to verify if exists to do not verify even the client has certificate.
I have tried to decode client certificate from wireshark and converted der format to pem and hashed it via openssl. Then copied this client certificate to appropriate place on my system. But this did not even work.
Also in the same document it is written to create a custom certificate, but I can not deploy to every phone for every customer.

I was thinking to replace yealink phones with new ones. But why do I have to change my server certificate settings ,why yealink forces me sth like that? I can no afford that.

Is there any easy way for that?
Please inform me about this.
(This post was last modified: 12-03-2015 04:21 PM by mehmetozi.)
12-01-2015 09:24 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Yealink_Michael Offline
Administrator
*******

Posts: 382
Joined: Jul 2015
Reputation: 1
Post: #2
RE: Yealink v80 series Client Certificate NightMare
hi

sorry for the inconvenience

for this situation , you can try below two solutions :

1. disable the "Only Accept Trusted Certificates"
web page path : Security -> Trusted Certificates -> Only Accept Trusted Certificates
you can also disable it through auto provision , sentence below :
security.trust_certificates = 0

for how to auto provision , please refer to the guide download from below link :

http://support.yealink.com/attachmentDow...V80_60.pdf


2. use one of the 30 build-in certificates as the certificate of your server . for more details, please refer to the FAQ below
http://support.yealink.com/faq/faqInfo?id=2

TKS & BR

Michael
12-02-2015 06:09 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
mehmetozi Offline
Junior Member
**

Posts: 2
Joined: Aug 2015
Reputation: 0
Post: #3
RE: Yealink v80 series Client Certificate NightMare
Hi,

Thanks for your reply.
But my real problem is sending the client certificate by new yealink phones to my server.
Because my server is verifying client if it has certificate. In older yealink phones, they were not sending client certificate . So I did not have any problem.
Now I have this problem with large deploys.

Could you please advice a way to fix this problem?

Regards
12-02-2015 02:50 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Multicast / Paging / Intercom - Yealink T58 Ryandh 19 14,543 08-11-2019 07:28 PM
Last Post: Chris708
  YEALINK AUTO PROVISION Dmitryche 1 395 08-09-2019 09:25 AM
Last Post: Paz_Yealink
Question 3CX / Yealink passthrough VLAN issue (when phone is rebooted) maindriver 3 498 08-01-2019 12:19 PM
Last Post: Evan_Yealink
  Yealink Dialplan Alain 0 968 09-19-2018 05:10 PM
Last Post: Alain
  Yealink T48S displays message "No service" David K L 1 2,266 04-17-2018 03:39 AM
Last Post: Paul_Yealink
  Yealink Dial Plan RobertCrawford 8 4,886 03-09-2018 06:38 AM
Last Post: Johnny88
  Can't get T2X to accept LetsEncrypt Certificate mark@dark 0 1,287 01-11-2018 02:36 PM
Last Post: mark@dark
  Yealink secure certificates and disabling ciphers Scot E. 1 1,656 12-29-2017 03:40 AM
Last Post: Lucia_Yealink
  Call Parking - Yealink Phone - Asterisk 11 vs 13 Velocita Technology 1 1,862 12-26-2017 06:06 AM
Last Post: Lucia_Yealink
  Yealink T20P phones with Fonality firmware Quan7 0 1,662 10-04-2017 10:00 PM
Last Post: Quan7

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication