EasyManuals Logo
Home>Yealink>IP Phone>SIP-T2XP

Yealink SIP-T2XP Administrator's Guide

Yealink SIP-T2XP
506 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #241 background imageLoading...
Page #241 background image
Configuring Security Features
225
negotiation with Server Hello Done message.
Step3: IP phone sends session key information (encrypted by servers public key) in the
Client Key Exchange message.
Step4: Server sends Change Cipher Spec message to activate the negotiated options
for all future messages it will send.
IP phones can encrypt SIP with TLS, which is called SIPS. When TLS is enabled for an
account, the SIP message of this account will be encrypted, and a lock icon appears on
the LCD screen after the successful TLS negotiation.
Certificates
The IP phone can serve as a TLS client or a TLS server. The TLS requires the following
security certificates to perform the TLS handshake:
Trusted Certificate: When the IP phone requests a TLS connection with a server, the
IP phone should verify the certificate sent by the server to decide whether it is
trusted based on the trusted certificates list. The IP phone has 30 built-in trusted
certificates. You can upload 10 custom certificates at most. The format of the trusted
certificate files must be *.pem,*.cer,*.crt and *.der and the maximum file size is
5MB. For more information on 30 trusted certificates, refer to Appendix C: Trusted
Certificates on page 268.
Server Certificate: When clients request a TLS connection with the IP phone, the IP
phone sends the server certificate to the clients for authentication. The IP phone
has two types of built-in server certificates: a unique server certificate and a
generic server certificate. You can only upload one server certificate to the IP
phone. The old server certificate will be overridden by the new one. The format of
the server certificate files must be *.pem and *.cer and the maximum file size is
5MB.
- A unique server certificate: It is unique to an IP phone (based on the MAC
address) and issued by the Yealink Certificate Authority (CA).
- A generic server certificate: It issued by the Yealink Certificate Authority (CA).
Only if no unique certificate exists, the IP phone may send a generic certificate
for authentication.
The IP phone can authenticate the server certificate based on the trusted certificates list.
The trusted certificates list and the server certificates list contain the default and custom
certificates. You can specify the type of certificates the IP phone accepts: default
certificates, custom certificates or all certificates.

Table of Contents

Other manuals for Yealink SIP-T2XP

Preview: User Guide
User Guide56 pages
Preview: Administration Guide
Administration Guide246 pages
Preview: Manual
Manual4 pages
Preview: Auto Provisioning Guide
Auto Provisioning Guide294 pages
Preview: Upgrade Manual
Upgrade Manual12 pages
Preview: Features Guide
Features Guide8 pages
Preview: Administrator's Manual
Administrator's Manual589 pages
Preview: Provisioning Guide
Provisioning Guide294 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Yealink SIP-T2XP and is the answer not in the manual?

Yealink SIP-T2XP Specifications

General IconGeneral
BrandYealink
ModelSIP-T2XP
CategoryIP Phone
LanguageEnglish

Related product manuals