[YMCS/YDMP Free Trial Program]Yealink would like to offer Free Trial Program of Yealink device management service for our current eligible customers. You can see the details below.
https://www.yealink.com/ydmp-freetrial-2020


Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
HTTPS/SSL Error
Author Message
nickcoons Offline
Junior Member
**

Posts: 3
Joined: Sep 2014
Reputation: 0
Post: #1
HTTPS/SSL Error
I'm trying to configure a set of W52P phones to provision from our HTTPS server. I have a valid SSL certificate signed by GoDaddy. When I try to provision, the log shows "Certificate doesn't verify and error is 20" and "trust check error". I've tried uploading GoDaddy's Root CA certificate to "Security -> Trusted Certificates", but it doesn't make a difference.

It does work if I set "Security -> Trusted Certificates -> Only Accept Trusted Certificates" to "Disabled", but that's not my preferred setting.

When I access the HTTPS server with IE, Firefox, and Google Chrome, I do not receive any certificate errors, and my Grandstream phones connect without any issues.

How can I get the Yealink phones to work with my GoDaddy certificate?
09-17-2014 03:22 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Lucas1 Offline
Super Moderator
******

Posts: 51
Joined: Aug 2014
Reputation: 0
Post: #2
RE: HTTPS/SSL Error
Hi nickcoons ,
:)Thanks for your continuously support for Yealink products.
Please check signature algorithm of SSL certificate is SHA1 firstly ,now our phone don't support the signature algorithm of SHA2.

If issue still exist,please provide issue data from phone,.
1,trace
2,syslog(level 6)
3,config.bin
If you dont know how to get issue data ,please refer to URL address
ftp://Lucas:28X3Dg6Q@ftp.yealink.com/manual/
or http address
http://forum.yealink.com/forum/showthread.php?tid=1319.

Please upload the issue data to ftp://Lucas:28X3Dg6Q@ftp.yealink.com/ and notify me ,thank you very much.
09-19-2014 06:40 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
bascheew Offline
Junior Member
**

Posts: 5
Joined: Dec 2013
Reputation: 0
Post: #3
RE: HTTPS/SSL Error
Godaddy is not on the list of supported trusted certificate authorities (see below). I however am having the same problem on a T46G and I am using an approved cert in the list. If I set the Only Accept Trusted Certificates setting to "Disabled" then everything works. I think we have a bug here.

Here is the list of trusted certs from this document.

DigiCert High Assurance EV Root CA
Deutsche Telekom AG Root CA-2
Equifax Secure Certificate Authority
Equifax Secure eBusiness CA-1
Equifax Secure Global eBusiness CA-1
GeoTrust Global CA
GeoTrust Global CA2
GeoTrust Primary CA
GeoTrust Primary CA G2 ECC
GeoTrust Universal CA
GeoTrust Universal CA2
Thawte Personal Freemail CA
Thawte Premium Server CA
Thawte Primary Root CA - G1 (EV)
Thawte Primary Root CA - G2 (ECC)
Thawte Primary Root CA - G3 (SHA256)
Thawte Server CA
VeriSign Class 1 Public Primary Certification Authority
VeriSign Class 1 Public Primary Certification Authority - G2
VeriSign Class 1 Public Primary Certification Authority - G3
VeriSign Class 2 Public Primary Certification Authority - G2
VeriSign Class 2 Public Primary Certification Authority - G3
VeriSign Class 3 Public Primary Certification Authority
VeriSign Class 3 Public Primary Certification Authority - G2
VeriSign Class 3 Public Primary Certification Authority - G3
VeriSign Class 3 Public Primary Certification Authority - G4
VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign Class 4 Public Primary Certification Authority - G2
VeriSign Class 4 Public Primary Certification Authority - G3
VeriSign Universal Root Certification Authority
(This post was last modified: 10-17-2014 05:29 AM by bascheew.)
10-17-2014 05:29 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
nickcoons Offline
Junior Member
**

Posts: 3
Joined: Sep 2014
Reputation: 0
Post: #4
RE: HTTPS/SSL Error
Perhaps GoDaddy SSL certificate support should be added given their massive share of the SSL certificate signing market.
(This post was last modified: 11-10-2014 11:59 AM by nickcoons.)
10-24-2014 08:31 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Lucas1 Offline
Super Moderator
******

Posts: 51
Joined: Aug 2014
Reputation: 0
Post: #5
RE: HTTPS/SSL Error
Hi all,
If you want to use certificate that we can't support at present,must import the certificate in advanve,if you import success,the certificate will display the box like picture.


Attached File(s) Thumbnail(s)
   
11-10-2014 10:49 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
nickcoons Offline
Junior Member
**

Posts: 3
Joined: Sep 2014
Reputation: 0
Post: #6
RE: HTTPS/SSL Error
(11-10-2014 10:49 AM)Yealink_Lucas Wrote:  Hi all,
If you want to use certificate that we can't support at present,must import the certificate in advanve,if you import success,the certificate will display the box like picture.

If I import my certificate from GoDaddy, and then it expires in the future, do I need to import the new one as well? Or is there something higher up in the chain that I can import that will cause it to accept all future versions as well?
11-10-2014 12:01 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
jvanveen Offline
Junior Member
**

Posts: 5
Joined: Feb 2015
Reputation: 0
Post: #7
RE: HTTPS/SSL Error
I tested with a GeoTrust Global CA certificate, which should be built-in(?), but the phone still indicates that it can't handle the certificate:

Feb 12 10:37:03 LIBD[344]: DCMN<6+info > Connecting path.domain.ext:443
Feb 12 10:37:03 LIBD[344]: DCMN<6+info > Connecting IP = xxx.xxx.xxx.xxx, Port = 443
Feb 12 10:37:03 LIBD[344]: DCMN<6+info > SSL_connect (read done)
Feb 12 10:37:03 LIBD[344]: DCMN<6+info > SSL_connect (read done)
Feb 12 10:37:03 LIBD[344]: DCMN<3+error > Certificate doesn't verify and error is 19
Feb 12 10:37:03 LIBD[344]: DCMN<3+error > trust check error
Feb 12 10:37:03 LIBD[344]: HTTP<3+error > Connect Error
Feb 12 10:37:03 ATP [344]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 2

Does this have to do with SHA1/SHA2?
02-12-2015 06:46 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
bugmenot Offline
Banned

Posts: 2
Joined: Oct 2013
Post: #8
RE: HTTPS/SSL Error
When is Yealink going to support SHA2? My CA (GeoTrust) will not allow me to sign a SHA1 cert with an expiry past 12/31/2016 (I have a 3 year cert) because SHA1 will be phased out by then, making the cert useless for everything (except Yealink apparently) past that date. This has been a known fact for 2 years, get with the times!
03-13-2015 03:55 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
James_Yealink Offline
Administrator
*******

Posts: 1,159
Joined: Aug 2014
Reputation: 8
Post: #9
RE: HTTPS/SSL Error
Hi,

SHA2 will be supported in T23/T27/T29/T41/T42/T46/T48 in V80 which will be available in Q2 or Q3 2015.

Regards,
James
03-13-2015 09:39 AM
Find all posts by this user    like0    dislike0 Quote this message in a reply
navok Offline
Junior Member
**

Posts: 5
Joined: Apr 2015
Reputation: 0
Post: #10
RE: HTTPS/SSL Error
Hi everybody!
If I have twenty phones T21P with the same problem (sha256 unsupported), what I can do? Why you will not upgrade this phones to firmware V80?
My reseller doesn't give me money back, can I replace T21 phones to T23 in your office in Moscow ?
04-09-2015 09:49 PM
Find all posts by this user    like0    dislike0 Quote this message in a reply
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  RPS API - Authentication Error jrmende5 5 12,969 11-26-2020 04:53 PM
Last Post: wecloudit
  Autoprovisionong T4xS v83 error gasper_s 2 6,786 11-05-2018 10:25 AM
Last Post: gasper_s
  About HTTPS certificates and trust TrK 8 22,979 06-05-2018 02:14 AM
Last Post: Travis_Yealink
  HTTPS Letsencrypt T48S 66.82.0.20 vs 66.83.0.30 Jacques14623 1 5,921 05-09-2018 02:00 AM
Last Post: Travis_Yealink
  T32G Auto provisioning error with encryption Mike89 0 4,839 09-18-2017 12:47 AM
Last Post: Mike89
  HTTPS Certificates TomJagustin 2 11,793 10-27-2016 04:56 PM
Last Post: jondaley
  Upgrade firmware error from tftp boot server guillosur 1 8,850 05-05-2016 06:18 AM
Last Post: Karl_Yealink
  3CX/T4X not provisioning via HTTPS jasonsomers 1 10,150 10-27-2015 11:27 PM
Last Post: James_Yealink
  Incorrect File Format error on call send, receive or end call morrism 4 14,120 10-06-2015 07:37 AM
Last Post: morrism
  Auto Provisioning error AndyInNYC 1 11,365 09-10-2014 10:19 AM
Last Post: Wilson_Yealink

Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us   Yealink   Return to Top   Return to Content   Lite (Archive) Mode   RSS Syndication