help • 6 Swyx Connectivity Setup Tool • Install TLS root certificate on DECT 800 base station
6.5 Install TLS root certificate on DECT 800 base station
For a secure provisioning of SwyxDECT 800 end devices you have to install your own TLS root certificate or the TLS root certificate of Let's Encrypt yourself:
To install the root certificate during a new provisioning
You have installed your own TLS server certificate or a TLS server certificate from Let's Encrypt via SCST.
1 Have your own root certificate ready,
Or
1 download a root certificate from Let's Encrypt (ISRG Root X1): letsencrypt.org/certificates/
2 Go through the steps for provisioning the DECT end devices (as described in the chapter help.enreach.com/controlcenter/latest.version/web/Swyx/en-EN/index.html#context/help/DECT800_provisioning_$ ).
In step 6, you must upload the corresponding root certificate, see help.enreach.com/controlcenter/latest.version/web/Swyx/en-US/index.html#context/help/TLS_Rootcertificate_$
* 
If you use your own certificate, make sure that you upload a valid trusted root certificate.
 
*The DECT 800 base station uses HTTPS provisioning to connect to SwyxWare.
To install the root certificate on already provisioned devices
1 Have your own root certificate ready,
Or
1 download the root certificate from Let's Encrypt (ISRG Root X1): https://letsencrypt.org/certificates/
2 Update SwyxWare .
3 Open the configuration wizard of the base station on the web interface.
4 Upload the root certificate at General | Certificates |Trust List | Upload upload.
* 
If you use your own certificate, make sure that you upload a valid trusted root certificate.
 
5 Perform the configuration in SCST to install the TLS server certificate.
6 Click on Finish.
*The base station is restarted The DECT 800 base station uses HTTPS provisioning to connect to SwyxWare. DECT 800 telephones are provisioned again.