Yealink SIP T46G Administrator's Manual page 207

Administrator's Guide for SIP-T46G IP Phone
The following figure illustrates the TLS messages exchanged between the IP phone and
TLS server to establish an encrypted communication channel:
Step 1: The IP phone sends "Client Hello" message proposing SSL options.
Step 2: Server responds with "Server Hello" message selecting the SSL options, sends its
public key information in "Server Key Exchange" message and concludes its part of the
negotiation with "Server Hello Done" message.
Step 3: The IP phone sends session key information (encrypted with server's public key)
in the "Client Key Exchange" message.
Step 4: Server sends "Change Cipher Spec" message to activate the negotiated options
for all future messages it will send.
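
Added example, not part of the Yealink guide: a small Python parser that names the TLS messages in one direction of a captured byte stream, so an administrator can confirm that an account configured for TLS produces the sequence in Steps 1-4 rather than plaintext SIP. The type numbers come from the TLS 1.2 specification; the sample byte strings and the host name are constructed, the table names more message types than the steps mention, and handshake messages are assumed not to be fragmented across records.

```python
import struct

# Content and handshake type numbers from RFC 5246 (TLS 1.2).
CONTENT = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE = {1: "Client Hello", 2: "Server Hello", 11: "Certificate", 12: "Server Key Exchange",
             14: "Server Hello Done", 16: "Client Key Exchange", 20: "Finished"}

def parse_flight(data):
    """Name the TLS messages in one direction of a captured byte stream."""
    names, offset, encrypted = [], 0, False
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, major, _minor, length = struct.unpack_from("!BBBH", data, offset)
        body = data[offset + 5:offset + 5 + length]
        if ctype not in CONTENT or major != 3 or len(body) < length:
            raise ValueError("not a complete TLS record at offset %d" % offset)
        offset += 5 + length
        encrypted = encrypted or ctype == 20  # after Change Cipher Spec the sender encrypts
        if ctype != 22:
            names.append(CONTENT[ctype])
        elif encrypted:
            names.append("Encrypted Handshake Message")  # body is ciphertext, do not parse
        else:
            names.extend(split_handshake(body))
    return names

def split_handshake(body):  # one handshake record may carry several messages
    names, pos = [], 0
    while pos < len(body):
        hlen = int.from_bytes(body[pos + 1:pos + 4], "big")
        if pos + 4 + hlen > len(body):
            raise ValueError("fragmented or truncated handshake message")
        names.append(HANDSHAKE.get(body[pos], "handshake type %d" % body[pos]))
        pos += 4 + hlen
    return names

def record(ctype, body):  # builds a constructed TLS 1.2 record for the samples
    return bytes([ctype, 3, 3]) + struct.pack("!H", len(body)) + body

def msg(htype, body=b""):  # builds a constructed handshake message for the samples
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed sample flights mirroring Steps 1-4 (message bodies are filler bytes).
PHONE_1 = record(22, msg(1, b"\x00" * 4))
SERVER_1 = record(22, msg(2, b"\x00" * 4) + msg(12, b"\x00" * 2) + msg(14))
PHONE_2 = record(22, msg(16, b"\x00" * 2)) + record(20, b"\x01") + record(22, b"\xaa" * 16)
SERVER_2 = record(20, b"\x01") + record(22, b"\xbb" * 16)
PLAINTEXT_SIP = b"REGISTER sip:pbx.example.invalid SIP/2.0\r\n"  # what a non-TLS account sends
```

parse_flight raises ValueError on PLAINTEXT_SIP, which is the signal that signaling for the account is not being wrapped in TLS.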
IP phones can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for an
account, the SIP messages of this account are encrypted, and a lock icon appears
on the phone LCD screen after a successful TLS negotiation.
Certificates
Certificates are used in the TLS negotiation. A digital certificate (also known as a
public key certificate) is an electronic document that mainly contains a public
key and identity information of the certificate owner. It also contains other information
such as the unique serial number, the issuer and the validity date of the certificate. By
verifying the information in the certificate, the receiver can tell whether the sender of the
certificate is trustworthy. If not, there is no further transmission. If so, the receiver
uses the public key in the certificate to proceed.
The IP phone can serve as a TLS client or a TLS server. TLS requires the following
security certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the
IP phone should verify the certificate sent by the server to decide whether the
server is trusted based on the trusted certificates list. You can upload custom
certificates to the IP phone. The IP phone supports uploading at most 10 custom
certificates. The format of the certificates must be *.pem, *.cer, *.crt or *.der.
Server Certificate: When other clients request a TLS connection with the IP
phone, the IP phone sends the server certificate to the clients for authentication.
A unique phone certificate is preset on the IP phone at the factory. You can only
upload one server certificate to the IP phone. The unique phone certificate will be