Supported Trusted And Server Certificates; Supported Trusted Certificates - Yealink SIP-T3 Administrator's Manual
Hide thumbs
Also See for SIP-T3:
- Auto provisioning manual (155 pages) ,
- Administrator's manual (578 pages)
Table of Contents
Advertisement
EXP1024-DES-CBC-SHA
l
EDH-RSA-DES-CBC-SHA
l
EDH-DSS-DES-CBC-SHA
l
DES-CBC-SHA
l
DES-CBC-MD5
l
EXP1024-DHE-DSS-RC4-SHA
l
EXP1024-RC4-SHA
l
EXP1024-RC4-MD5
l
EXP-EDH-RSA-DES-CBC-SHA
l
EXP-EDH-DSS-DES-CBC-SHA
l
EXP-DES-CBC-SHA
l
EXP-RC2-CBC-MD5
l
EXP-RC4-MD5
l
ECDHE
l
Supported Trusted and Server Certificates
The IP phone can serve as a TLS client or a TLS server. In the TLS feature, we use the terms trusted and server cer-
tificate. These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the phone should verify the
l
certificate sent by the server to decide whether it is trusted based on the trusted certificates list. You can upload
10 custom certificates at most. The format of the trusted certificate files must be *.pem, *.cer, *.crt and *.der and
the maximum file size is 5MB.
Server Certificate: When clients request a TLS connection with the IP phone, the phone sends the server cer-
l
tificate to the clients for authentication. The IP phone has two types of built-in server certificates: a unique server
certificate and a generic server certificate. You can only upload one server certificate to the IP phone. The old
server certificate will be overridden by the new one. The format of the server certificate files must be *.pem and
*.cer and the maximum file size is 5MB.
A unique server certificate: It is unique to an IP phone (based on the MAC address) and issued by the Yealink
Certificate Authority (CA).
A generic server certificate: It is issued by the Yealink Certificate Authority (CA). Only if no unique certificate
exists, the phone may send a generic certificate for authentication.
The IP phone can authenticate the server certificate based on the trusted certificates list. The trusted certificates list
and the server certificates list contain the default and custom certificates. You can specify the type of certificates the
IP phone accepts: default certificates, custom certificates or all certificates.
Common Name Validation feature enables the IP phone to mandatorily validate the common name of the certificate
sent by the connecting server. The security verification rules are compliant with RFC 2818.
Note
: Resetting the IP phone to factory defaults will delete custom certificates by default. However, this feature is con-
figurable by the parameter "static.phone_setting.reserve_certs_enable" using the configuration file.
Resetting the IP phone to factory defaults will delete trusted and server certificates settings by default. However,
this feature is configurable by the parameter "static.phone_setting.reserve_certs_config.enable" using the con-
figuration file.
Topic
Supported Trusted Certificates
Supported Trusted Certificates
Yealink phones trust the following CAs by default:
DigiCert High Assurance EV Root CA
l
Deutsche Telekom Root CA 2
l
Security Features
116
Advertisement
Table of Contents
Troubleshooting
