Yealink SIP-T2XP Administrator's Manual page 478

Administrator's Guide for SIP-T2xP IP Phones
Common Name Validation feature enables the IP phone to mandatorily validate the
common name of the certificate sent by the connecting server. And Security verification
rules are compliant with RFC 2818.
In TLS feature, we use the terms trusted and server certificate. These are also known as
Note
CA and device certificates.
Firmware upgrade from version 71 to 72 will result in update of the generic server
certificates.
We strongly recommend that you do not downgrade the firmware. For
SIP-T20P/T22P/T26P/T28P IP phones, firmware downgrade will result in damage to the
unique server certificate.
Resetting the IP phone to factory defaults will delete custom certificates by default. But
this feature is configurable using the configuration files. For more information on the
configuration parameter, refer to
Procedure
Configuration changes can be performed using the configuration files or locally.
Configuration
File
Local
460
Transport Layer Security
<MAC>.cfg
<y0000000000xx>.cfg
Web User Interface
on page 457.
Configure TLS on a per-line basis.
Parameter:
account.X.transport
Configure trusted certificates feature.
Parameters:
security.trust_certificates
security.ca_cert
security.cn_validation
Configure server certificates feature.
Parameters:
security.dev_cert
Upload the trusted certificates.
Parameter:
trusted_certificates.url
Upload the server certificates.
Parameter:
server_certificates.url
Configure the custom certificates.
Parameter:
phone_setting.reserve_certs_enable
Configure TLS on a per-line basis.