Configuring Security Features
- A unique server certificate: It is unique to an IP phone (based on the MAC address) and issued by the Yealink Certificate Authority (CA).
- A generic server certificate: It is issued by the Yealink Certificate Authority (CA). The IP phone may send a generic certificate for authentication only if no unique certificate exists.
The IP phone can authenticate the server certificate based on the trusted certificates list. The trusted certificates list and the server certificates list contain the default and custom certificates. You can specify the type of certificates the IP phone accepts: default certificates, custom certificates or all certificates.
The Common Name Validation feature requires the IP phone to validate the common name of the certificate sent by the connecting server. The security verification rules are compliant with RFC 2818.
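The following Python code is an added example (not Yealink's code and not part of this guide) of the RFC 2818 section 3.1 identity check that Common Name Validation refers to: dNSName subjectAltName entries take precedence over the common name, a wildcard matches only within one label, and an IP address host must match an iPAddress entry exactly. The function names and sample hostnames are assumptions made for illustration; how the phone firmware implements the check is not described on this page.

```python
import ipaddress
import re


def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' covers one or more characters of that label."""
    regex = ".+".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, label) is not None


def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 2818 wildcard rule: '*.a.com' matches foo.a.com, not bar.foo.a.com."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if "" in h_labels or len(p_labels) != len(h_labels):
        return False  # a wildcard never spans a dot
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def rfc2818_identity_ok(host, common_name=None, san_dns=(), san_ip=()):
    """Return True if the certificate identity matches the server we dialed."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # IP host: an iPAddress entry must be present and match exactly.
        return any(addr == ipaddress.ip_address(ip) for ip in san_ip)
    if san_dns:
        # dNSName entries present: they are the identity, the CN is ignored.
        return any(dns_name_matches(name, host) for name in san_dns)
    # No dNSName entries: fall back to the subject common name.
    return common_name is not None and dns_name_matches(common_name, host)


if __name__ == "__main__":
    # Constructed sample identities, not taken from any real certificate.
    cases = [
        ("sip.example.com", dict(common_name="sip.example.com")),
        ("sip.example.com", dict(common_name="sip.example.com",
                                 san_dns=["pbx.example.com"])),
        ("a.sip.example.com", dict(san_dns=["*.example.com"])),
        ("192.0.2.10", dict(common_name="192.0.2.10")),
        ("192.0.2.10", dict(san_ip=["192.0.2.10"])),
    ]
    for host, cert in cases:
        print(host, cert, "->", rfc2818_identity_ok(host, **cert))
```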
Note
In the TLS feature, we use the terms trusted and server certificate. These are also known as CA and device certificates.
Resetting the IP phone to factory defaults will delete custom certificates by default. This behavior is configurable with the parameter “static.phone_setting.reserve_certs_enable” in the configuration files.
Procedure
Configuration changes can be performed using the following methods.
Central Provisioning (Configuration File):
- Configure TLS on a per-line basis.
  Parameter: account.X.sip_server.Y.transport_type
- Configure the TLS version.
  Parameter: security.default_ssl_method
- Configure trusted certificates feature.
  Parameters: static.security.trust_certificates, static.security.ca_cert, static.security.cn_validation
- Configure server certificates feature.
  Parameter: static.security.dev_cert