[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
About HTTPS certificates and trust
Author Message
Travis_Yealink Offline
Super Moderator
******

Posts: 171
Joined: Mar 2016
Reputation: 1
Post: #2
RE: About HTTPS certificates and trust
(05-24-2018 08:41 AM)TrK Wrote:  Our provisioning web server have Rapid SSL RSA wildcard certificate, which is trusted by default Yealink phone. Our DHCP server send OPTION 43 with https link. Everything is working good - we unbox new phone, connect it to network and viola, not need to logon on phone`s web interface.

But our RSA certificate will be expired soon. We decide to switch to Let`sEncrypt ECC certificate. As i can see, Yealink phones by default have root LE cert "DST Root CA X3", but not have intermediate "Lets Encrypt Authority X3".

What should i do with that? Set security.trust_certificates = 0? Add this Intermediate CA certificate to Trusted?
But how new phones will get this settings without access to provisioning web server?


And another related question, about format of
Code:
trusted_certificates.url
.
What is solution when i need to add two (or three, or four) root certificate to Trusted? Should i add all to one file, like in chainfile? But this certs are from different CA.

Dear customer,

For this case, please find my answers below:
1. The root CA is exist, so please ask server provider to send sub-CA to the phone when it asks for the authentication
2. For the parameter, please create seperated parameters for different CA:
static.trusted_certificates.url = http://10.91.80.50:8080/1.cer
static.trusted_certificates.url = http://10.91.80.50:8080/2.cer

Any question, freely to let me know.

Regards,
Travis
06-01-2018 02:19 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Messages In This Thread
About HTTPS certificates and trust - TrK - 05-24-2018, 08:41 AM
RE: About HTTPS certificates and trust - Travis_Yealink - 06-01-2018 02:19 AM

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Question "Trusted Certificates" and auto provisioning jobst 3 5,994 06-15-2022 11:00 AM
Last Post: dbonnell
Question Mutual Certificates exchange using built device built in cetificate Ricardo Martins 7 21,799 06-02-2021 02:35 AM
Last Post: tonipamies
  HTTPS Letsencrypt T48S 66.82.0.20 vs 66.83.0.30 Jacques14623 1 5,922 05-09-2018 02:00 AM
Last Post: Travis_Yealink
  3CX Provisioning with Certificates for Secure SIP 3CTechnology 3 15,705 11-23-2016 10:00 AM
Last Post: Kevin_Yealink
  HTTPS Certificates TomJagustin 2 11,794 10-27-2016 04:56 PM
Last Post: jondaley
  SHA1 certificates: A BIG problem lonvoice 3 12,753 04-06-2016 10:13 PM
Last Post: bsanders
  HTTPS/SSL Error nickcoons 18 66,067 02-28-2016 10:17 AM
Last Post: Novum Networks
  3CX/T4X not provisioning via HTTPS jasonsomers 1 10,151 10-27-2015 11:27 PM
Last Post: James_Yealink
Brick T19 HTTPS Autoprovisioning uzytkownik 2 10,166 08-26-2014 02:35 PM
Last Post: uzytkownik

Forum Jump:


User(s) browsing this thread:

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication