Supported Trusted And Server Certificates; Supported Trusted Certificates - Yealink W60P Administrator's Manual
Dect ip phones
Hide thumbs
Also See for W60P:
- User manual ,
- Administrator's manual (548 pages) ,
- Quick manual (40 pages)
Table of Contents
Advertisement
Administrator's Guide for W60P/W53P/W41P DECT Phones
EXP-DES-CBC-SHA
l
EXP-RC2-CBC-MD5
l
EXP-RC4-MD5
l
ECDHE
l
Supported Trusted and Server Certificates
The IP phone can serve as a TLS client or a TLS server. In TLS feature, we use the terms trusted and server certificate.
These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the IP phone should verify the cer-
l
tificate sent by the server to decide whether it is trusted based on the trusted certificates list. The IP phone has 76
built-in trusted certificates. You can upload 10 custom certificates at most. The format of the trusted certificate files
must be *.pem,*.cer,*.crt and *.der and the maximum file size is 5MB.
Server Certificate: When clients request a TLS connection with the IP phone, the IP phone sends the server cer-
l
tificate to the clients for authentication. The IP phone has two types of built-in server certificates: a unique server
certificate and a generic server certificate. You can only upload one server certificate to the IP phone. The old server
certificate will be overridden by the new one. The format of the server certificate files must be *.pem and *.cer and
the maximum file size is 5MB.
A unique server certificate: It is unique to an IP phone (based on the MAC address) and issued by the Yealink Cer-
tificate Authority (CA).
A generic server certificate: It is issued by the Yealink Certificate Authority (CA). Only if no unique certificate exists,
the IP phone may send a generic certificate for authentication.
The IP phone can authenticate the server certificate based on the trusted certificates list. The trusted certificates list and
the server certificates list contain the default and custom certificates. You can specify the type of certificates the IP
phone accepts: default certificates, custom certificates or all certificates.
Common Name Validation feature enables the IP phone to mandatorily validate the common name of the certificate
sent by the connecting server. The Security verification rules are compliant with RFC 2818.
Note
Resetting the IP phone to factory defaults will delete custom certificates by default. However, this feature is configurable by
the parameter "static.phone_setting.reserve_certs_enable" using the configuration file.
Topic
Supported Trusted Certificates
Supported Trusted Certificates
Yealink IP phones trust the following CAs by default:
DigiCert High Assurance EV Root CA
l
Deutsche Telekom Root CA 2
l
Equifax Secure Certificate Authority
l
Equifax Secure eBusiness CA-1
l
Equifax Secure Global eBusiness CA-1
l
GeoTrust Global CA
l
GeoTrust Global CA2
l
GeoTrust Primary Certification Authority
l
GeoTrust Primary Certification Authority G2
l
192
Advertisement
Table of Contents
Troubleshooting
