Yealink T46G Administrator's Manual page 326
Skype for business hd ip phones
Hide thumbs
Also See for T46G:
- User manual (234 pages) ,
- Quick start manual (17 pages) ,
- Admin manual (9 pages)
Table of Contents
Advertisement
Yealink Skype for Business HD IP Phones Administrator Guide
Certificates
The Skype for Business phone can serve as a TLS client or a TLS server. The TLS requires the
following security certificates to perform the TLS handshake:
Trusted Certificate: When the Skype for Business phone requests a TLS connection with a
server, the Skype for Business phone should verify the certificate sent by the server to
decide whether it is trusted based on the trusted certificates list. The Skype for Business
phone has 49 built-in trusted certificates. You can upload 10 custom certificates at most.
The format of the trusted certificate files must be *.pem,*.cer,*.crt and *.der and the
maximum file size is 5MB. For more information on 49 trusted certificates, refer to
Appendix C: Trusted Certificates
Server Certificate: When clients request a TLS connection with the Skype for Business
phone, the Skype for Business phone sends the server certificate to the clients for
authentication. The Skype for Business phone has two types of built-in server certificates: a
unique server certificate and a generic server certificate. You can only upload one server
certificate to the Skype for Business phone. The old server certificate will be overridden by
the new one. The format of the server certificate files must be *.pem and *.cer and the
maximum file size is 5MB.
A unique server certificate: It is unique to a Skype for Business phone (based on the
-
MAC address) and issued by the Yealink Certificate Authority (CA).
-
A generic server certificate: It issued by the Yealink Certificate Authority (CA). Only if
no unique certificate exists, the Skype for Business phone may send a generic
certificate for authentication.
The Skype for Business phone can authenticate the server certificate based on the trusted
certificates list. The trusted certificates list and the server certificates list contain the default and
custom certificates. You can specify the type of certificates the Skype for Business phone accepts:
default certificates, custom certificates or all certificates.
Common Name Validation feature enables the Skype for Business phone to mandatorily
validate the common name of the certificate sent by the connecting server. And Security
verification rules are compliant with RFC 2818.
Note
In TLS feature, we use the terms trusted and server certificate. These are also known as CA and
device certificates.
Resetting the Skype for Business phone to factory defaults will delete custom certificates by
default. But this feature is configurable by the parameter "phone_setting.reserve_certs_enable"
using the configuration files.
312
on page 368.
- Quick Links:
- Phone User Interface
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
