6.6 Install TLS root certificate on Certified SIP phones
If your TLS certificate is not supported by Yealink, you need to install the corresponding root certificate on each SIP phone, see
You can distribute the root certificate in the provisioning network, see help.enreach.com/controlcenter/latest.version/web/Swyx/en-EN/index.html#context/help/provisioning_network_$
The exact parameters you need to use for provisioning your own root certificate can be found in the common.cfg file in the provisioning template for your Yealink phone type.
or
You can upload the root certificate manually on the Yealink web interface.
|
Yealink models
|
Menu path
|
|---|---|
|
T4x
|
Trusted Certificates | Tab Custom CA | Import Trusted Certificates
|
|
T5x
|
Trusted Certificates | Tab Custom CA | Import Trusted Certificates
|
If the provisioning of phones cannot be performed via multicast due to the network infrastructure, you can also distribute the provisioning URL (e.g. https://172.20.1.1:9200/ippbx/client/v1.0/device/provision/) via DHCP option 66.
In this case, your DHCP server must support HTTPS protocol.
To install the root certificate during a new provisioning
If you use your own certificate, make sure that you upload a valid trusted root certificate.
The SIP phones are being provisioned.To install the root certificate on already provisioned devices
If you use your own certificate, make sure that you upload a valid trusted root certificate.
The SIP phones will be provisioned again.