[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Error installing own server certificate
Author Message
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #1
Error installing own server certificate
Hi,

i've created own server certificates for several SIP-T46S according to the guide "Using Security Certificates on Yealink IP Phones_V80_96.pdf". That means i've created a *.pem file containing key+certificate and installed my company CA under "Trusted Certificates". With the T46S everything works fine so if i access https://myt46s i see my own certificate. Exactly the same does not work for the newly bought W56P with all firmware updates applied. The certificate gets imported and listed under "Server Certificate", but after rebooting the phone, i still see the generic Yealink certificate.

Whenever i import my own server certificate, syslog prints the following line

"LIBD[850]: DCMN<3+error > file can't be opened"

though correctly listed under "Security->Server Certificates"

As i've tried several combinations, did multiple factory resets and it still doesn't work, could you please check if there is an issue with own server certificate import on the latest firmware?

Thanks, flex
10-20-2017 09:45 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #2
RE: Error installing own server certificate
Has sb tried to add a server certificate already? Does it work for you?

Or should i simply open a ticket @yealink
(This post was last modified: 10-25-2017 05:22 AM by flex.)
10-25-2017 05:21 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Elaine_Yealink Offline
Super Moderator
******

Posts: 152
Joined: Aug 2014
Reputation: 4
Post: #3
RE: Error installing own server certificate
Dear Flex,
From your description, the CA was uploaded under "Trusted Certificates", but for W56P, it is uploaded under"Server Certificate". I think the "Trusted Certificates" is the right path to go. Would you please confirm this?

If still doesn't work, please raise a ticket and provide cert file and syslog with following steps:
1. export syslog to log server (log on phone will be erased after reboot)
2. upload cert to phone
3. login to the web interface and take a screenshot about cert list.
4. reboot the device.
When phone boot up, export the syslog and send to us on ticket.

Here is the FAQ about how to export syslog to server:
http://support.yealink.com/faq/faqInfo?id=313

Regards
Elaine
10-25-2017 06:52 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #4
RE: Error installing own server certificate
Hi,

i did the same for the W56P as for the T46S...

- place the company CA under 'Trusted Certificates'
- place the server cert under 'Server Certificates'

This doesn't work. I also tested with a self-signed certificate (and without my own CA)...without success.

Could somebody @yealink double check if there aren't issues with the latest firmware before i open a ticket? Seems like the better way to me.
(This post was last modified: 10-25-2017 07:18 AM by flex.)
10-25-2017 07:17 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Elaine_Yealink Offline
Super Moderator
******

Posts: 152
Joined: Aug 2014
Reputation: 4
Post: #5
RE: Error installing own server certificate
(10-25-2017 07:17 AM)flex Wrote:  Hi,

i did the same for the W56P as for the T46S...

- place the company CA under 'Trusted Certificates'
- place the server cert under 'Server Certificates'

This doesn't work. I also tested with a self-signed certificate (and without my own CA)...without success.

Could somebody @yealink double check if there aren't issues with the latest firmware before i open a ticket? Seems like the better way to me.


Hi Flex,
Local test cannot reproduce the issue. I upload a cert to Trusted Certificates/Server Certificates, save. After reboot, cert is still there. See attached picture.


Attached File(s) Thumbnail(s)
   
10-26-2017 03:15 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #6
RE: Error installing own server certificate
Hi Elaine,

thanks for you test. Could you also upload and boot from a newly created "Server Certificate" and check if this newly created cert is offered when you connect to your phone _after_ reboot (instead of the Yealink generic cert). Because exactly here is where it stops working for me. I can

- upload a Trusted Certificate and i see it after reboot in the GUI
- upload a Server Certificate and i see it after reboot in the GUI

but the Server Certificate is never offered when connecting via browser.
10-26-2017 06:06 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #7
RE: Error installing own server certificate
Any news on this?
11-06-2017 08:20 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Elaine_Yealink Offline
Super Moderator
******

Posts: 152
Joined: Aug 2014
Reputation: 4
Post: #8
RE: Error installing own server certificate
(11-06-2017 08:20 AM)flex Wrote:  Any news on this?

HI Flex,
"but the Server Certificate is never offered when connecting via browser." Here do you mean after you reboot the phone and connecting to the web interface, the browser does not use the new cert for your https login certifying?

If this is true, please upgrade to our latest V82 firmware, on which this is supported.
Firmware download link: http://download.support.yealink.com/down...2.0.20.rom

After firmware upgrade, under Server Certificate page, change Device Certificate to Custom. Then your newly created server cert will be used by browser for https login.

Kindly have a test and share with the result.

Regards
Elaine
11-07-2017 02:26 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #9
RE: Error installing own server certificate
Hi Elaine,

are you sure V82 works with the W56P? Looks like the firmware image you provide is for the T4X version. At least...the update fails here.
11-07-2017 11:55 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
flex Offline
Junior Member
**

Posts: 8
Joined: Oct 2017
Reputation: 0
Post: #10
RE: Error installing own server certificate
It's still not working and seems like a firmware issue. Is a new firmware in the plans?

EDIT: I've opened a ticket.
(This post was last modified: 11-16-2017 10:56 AM by flex.)
11-10-2017 01:00 PM
Find all posts by this user    like1    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Error installing own server certificate dudoankq 1 7,505 04-26-2018 09:21 AM
Last Post: Klaus_Yealink
  Error installing own server certificate flex 0 4,311 10-20-2017 09:44 AM
Last Post: flex

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication