[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
GeoTrust Rapid SSL Wildcard Cert
Author Message
fonewiz Offline
Junior Member
**

Posts: 5
Joined: Aug 2015
Reputation: 1
Post: #1
GeoTrust Rapid SSL Wildcard Cert
Can someone confirm for sure that a GeoTrust Rapid SSL Wildcard certificate will be recognized and supported for auto-provisioning in the T-42, T-46 and T48's without the need to uncheck Allow Recognized Certificate Authorities <--- Says something like that, can't remember off hand.

I used a cheapy cert last time and it has been a mess trying to auto-provision the Yealinks so I want to be sure that I am purchasing a cert that the Yealinks will be happy with this time.

I reviewed the list here below from Yealink but when I try to purchase I can't match up the description with what the SSL folks are selling.

Yealink IP phones trust the following CAs by default:
 DigiCert High Assurance EV Root CA
 Deutsche Telekom AG Root CA-2
 Equifax Secure Certificate Authority
 Equifax Secure eBusiness CA-1
 Equifax Secure Global eBusiness CA-1
 GeoTrust Global CA
 GeoTrust Global CA2
 GeoTrust Primary CA
 GeoTrust Primary CA G2 ECC
 GeoTrust Universal CA
 GeoTrust Universal CA2
 Thawte Personal Freemail CA
 Thawte Premium Server CA
 Thawte Primary Root CA - G1 (EV)
 Thawte Primary Root CA - G2 (ECC)
 Thawte Primary Root CA - G3 (SHA256)
 Thawte Server CA
 VeriSign Class 1 Public Primary Certification Authority
 VeriSign Class 1 Public Primary Certification Authority - G2
 VeriSign Class 1 Public Primary Certification Authority - G3
 VeriSign Class 2 Public Primary Certification Authority - G2
 VeriSign Class 2 Public Primary Certification Authority - G3
 VeriSign Class 3 Public Primary Certification Authority
Using Security Certificates on Yealink IP Phones
13
 VeriSign Class 3 Public Primary Certification Authority - G2
 VeriSign Class 3 Public Primary Certification Authority - G3
 VeriSign Class 3 Public Primary Certification Authority - G4
 VeriSign Class 3 Public Primary Certification Authority - G5
 VeriSign Class 4 Public Primary Certification Authority - G2
 VeriSign Class 4 Public Primary Certification Authority - G3
 VeriSign Universal Root Certification Authority
03-09-2016 04:48 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Karl_Yealink Offline
Super Moderator
******

Posts: 673
Joined: Apr 2015
Reputation: 5
Post: #2
RE: GeoTrust Rapid SSL Wildcard Cert
Maybe you can get some help from the FAQ: http://support.yealink.com/faq/faqInfo?id=13

For the GeoTrust Rapid SSL, if it don't in the CA list, the Yealink phones can't support this.
03-09-2016 05:03 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
fonewiz Offline
Junior Member
**

Posts: 5
Joined: Aug 2015
Reputation: 1
Post: #3
RE: GeoTrust Rapid SSL Wildcard Cert
(03-09-2016 05:03 AM)Yealink_Karl Wrote:  Maybe you can get some help from the FAQ: http://support.yealink.com/faq/faqInfo?id=13

For the GeoTrust Rapid SSL, if it don't in the CA list, the Yealink phones can't support this.

I am aware of everything in the link you provided. If I have to login to each phone and disable the checkbox to allow non-trusted SSL certs then it's not really auto-provisioning.

My goal is to purchase a certificate that will allow the phone to recognize the certificate as trusted and immediately auto-provision.

The list you provided, I pasted in my original post. I am trying to have someone confirm or deny that the Rapid SSL WildCard Cert from GeoTrust will or will not work.

The issue is that the list you provided is not exactly the way the sellers of the certificates sell them, they using marketing names like GeoTrust Rapid SSL Wildcard Cert.

If that cert won't work, can you recommend a provider/seller of a wild-card cert that will be guaranteed to work?
03-10-2016 01:41 AM
Find all posts by this user    like1    dislike0 Quote this message in a reply
Karl_Yealink Offline
Super Moderator
******

Posts: 673
Joined: Apr 2015
Reputation: 5
Post: #4
RE: GeoTrust Rapid SSL Wildcard Cert
I think you can get some help from the FAQ: http://support.yealink.com/faq/faqInfo?id=13
If the certificate isn't in the list, you can add this certificate manually.
03-10-2016 03:45 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
kg4ysy Offline
Member
***

Posts: 65
Joined: May 2013
Reputation: 2
Post: #5
RE: GeoTrust Rapid SSL Wildcard Cert
I am actually trying to set up a GoDaddy wildcard certificate on my W52 right now. It is not working when the setting you mentioned is on. It works just fine if I disable that setting. I am going to post separately about wildcard certs. I think there may be an issue with the phones accepting a wildcard cert's CA. I'd be curious if you get it to work.
03-10-2016 08:24 AM
Find all posts by this user    like1    dislike0 Quote this message in a reply
Karl_Yealink Offline
Super Moderator
******

Posts: 673
Joined: Apr 2015
Reputation: 5
Post: #6
RE: GeoTrust Rapid SSL Wildcard Cert
Do your customer is doing both-way certificated? I will provide your the CA from Yealink side. You can provide this CA below to your customer and ask them to upload to their servers side to finish the both-way certificate of Yealink phones !

Here is the link to download the CA :
http://ftp.yealink.com/?ShareToken=CA9ED...EEB14486FA
03-11-2016 03:35 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
fonewiz Offline
Junior Member
**

Posts: 5
Joined: Aug 2015
Reputation: 1
Post: #7
RE: GeoTrust Rapid SSL Wildcard Cert
(03-11-2016 03:35 AM)Yealink_Karl Wrote:  Do your customer is doing both-way certificated? I will provide your the CA from Yealink side. You can provide this CA below to your customer and ask them to upload to their servers side to finish the both-way certificate of Yealink phones !

Here is the link to download the CA :
http://ftp.yealink.com/?ShareToken=CA9ED...EEB14486FA

I am sorry, I don't know what you are referring to.

I am simply trying to get the Yealink phones to accept the certificate out of the box without having to boot up each phone and turn off the need to only accept supported certificate authorities. If I have to boot them up, login to the phone manually to turn off the setting just to get them to auto-provision then this isn't really auto-provisioning in my estimation.

As I understand it, in order to make the phones work out of the box and auto-provisioning without an manual changing of the phone itself before hand, is to have a cert installed on the PBX that is from a certificate authority that is already supported and loaded in the T42's, T46's and T48's.

I just need to know what certificate and where to buy. All the companies I buy certificates from do not offer the certificates listed in your documentation.

This has been holding up my new server setup for days now, I just need to order the correct certificate.

Thanks for your assistance.
03-15-2016 08:36 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Karl_Yealink Offline
Super Moderator
******

Posts: 673
Joined: Apr 2015
Reputation: 5
Post: #8
RE: GeoTrust Rapid SSL Wildcard Cert
When you try to auto provision.
The server will send message to phone. If the server certificate don't include the Yealink 30 bulit-in certificate.
The phone won't accept the message from server, so you need to add the server certificate in the phone side or disable the Only Accept Trusted Certificates function. For this, you need to manual every phones.

Also the phone will send message to server side, if the Yealink CA don't include in server side, the server can't accept the phones' message.

So pleaes check the server certificate whether in the 30 bulit-in certificate or not. And also add Yealink CA to server side.

And I don't know the server certificate of your side, so you need to contact with your server provider for help.
I think you can get the certificate from them, then add the certificate in phone side.
03-18-2016 04:16 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
rmincey Offline
Junior Member
**

Posts: 2
Joined: May 2016
Reputation: 0
Post: #9
RE: GeoTrust Rapid SSL Wildcard Cert
(03-11-2016 03:35 AM)Yealink_Karl Wrote:  Do your customer is doing both-way certificated? I will provide your the CA from Yealink side. You can provide this CA below to your customer and ask them to upload to their servers side to finish the both-way certificate of Yealink phones !

Here is the link to download the CA :
http://ftp.yealink.com/?ShareToken=CA9ED...EEB14486FA

I am trying to download the CA but the link above does not work. Please help.
R
05-04-2016 12:42 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
rmincey Offline
Junior Member
**

Posts: 2
Joined: May 2016
Reputation: 0
Post: #10
RE: GeoTrust Rapid SSL Wildcard Cert
(03-18-2016 04:16 PM)Yealink_Karl Wrote:  When you try to auto provision.
The server will send message to phone. If the server certificate don't include the Yealink 30 bulit-in certificate.
The phone won't accept the message from server, so you need to add the server certificate in the phone side or disable the Only Accept Trusted Certificates function. For this, you need to manual every phones.

Also the phone will send message to server side, if the Yealink CA don't include in server side, the server can't accept the phones' message.

So pleaes check the server certificate whether in the 30 bulit-in certificate or not. And also add Yealink CA to server side.

And I don't know the server certificate of your side, so you need to contact with your server provider for help.
I think you can get the certificate from them, then add the certificate in phone side.

Where can I get the Yealink CA certificate for the server?
R
05-11-2016 03:57 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  T4x: Unable to upload server certificates: "The cert file already exists!" Fritz-EDV 2 4,250 06-12-2020 04:03 PM
Last Post: Fritz-EDV
  Rapid Incoming calls not connecting dig1234 9 17,125 05-03-2016 10:28 PM
Last Post: dig1234

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication