| Security Features | 78
• EDH-DSS-DES-CBC-SHA
• DES-CBC-SHA
• DES-CBC-MD5
• EXP1024-DHE-DSS-RC4-SHA
• EXP1024-RC4-SHA
• EXP1024-RC4-MD5
• EXP-EDH-RSA-DES-CBC-SHA
• EXP-EDH-DSS-DES-CBC-SHA
• EXP-DES-CBC-SHA
• EXP-RC2-CBC-MD5
• EXP-RC4-MD5
Supported Trusted and Server Certificates
The phone can serve as a TLS client or a TLS server. In TLS feature, we use the terms trusted and the server
certificate. These are also known as CA and device certificates.
The TLS requires the following security certificates to perform the TLS handshake:
• Trusted Certificate: When the phone requests a TLS connection with a server, the phone should verify the
certificate sent by the server to decide whether it is trusted based on the trusted certificates list. The phone has 77
built-in trusted certificates. You can upload 10 custom certificates at most. The format of the trusted certificate
files must be *.pem,*.cer,*.crt and *.der and the maximum file size is 5MB.
• Server Certificate: When clients request a TLS connection with the phone, the phone sends the server certificate
to the clients for authentication. The phone has two types of built-in server certificates: a unique server certificate
and a generic server certificate. You can only upload one server certificate to the phone. The old server certificate
will be overridden by the new one. The format of the server certificate files must be *.pem and *.cer and the
maximum file size is 5MB.
• A unique server certificate: It is unique to a phone (based on the MAC address) and issued by the Yealink
Certificate Authority (CA).
• A generic server certificate: It is issued by the Yealink Certificate Authority (CA). Only if no unique certificate
exists, the phone may send a generic certificate for authentication.
The phone can authenticate the server certificate based on the trusted certificates list. The trusted certificates list and
the server certificates list contain the default and custom certificates. You can specify the type of certificates the phone
accepts: default certificates, custom certificates or all certificates.
Common Name Validation feature enables the phone to mandatorily validate the common name of the certificate sent
by the connecting server. The Security verification rules are compliant with RFC 2818.
•
Supported Trusted Certificates
Supported Trusted Certificates
Yealink Teams IP phones trust the following CAs by default:
• DigiCert High Assurance EV Root CA
• Deutsche Telekom Root CA 2
• Equifax Secure Certificate Authority
• Equifax Secure eBusiness CA-1
• Equifax Secure Global eBusiness CA-1
• GeoTrust Global CA
• GeoTrust Global CA2
• GeoTrust Primary Certification Authority
• GeoTrust Primary Certification Authority G2
• GeoTrust Universal CA
• GeoTrust Universal CA2
To Next Page
Loading...
Need help?
General
