Phone Cannot Get Provisioned with Certificate Error
Last modified date: 2016/11/25 views: 5557
Description

When trying to auto provision Yealink phones, sometimes users cannot get devices to download the configuration files from server using DHCP option 66. Here are the original words from user:

“Customer has T28 phones, newest version. He has a Windows server and is trying to use option 66 to provision the phones automatically. Using wireshark he can see that the windows server is communicating with the phone and is offering the option 66 string but the phone is not auto populating the provisioning server field. “

 

Cause

The most probably reason is that the server is not trusted by Yealink phones. Here is the authentication logic on Yealink phones:

1.DHCP Server sends auto provision server URL to YL phones.

2.Phone turns to URL to request for provisioning files.

3.If HTTPS server is used, phone will first check whether the server is trusted or not by comparing the certificate applied on server and those pre-installed on phone. If the server is trusted phone download configuration files and get provisioned.

4.If the server is not trusted, phone will check the value of “Only accept trusted certificate” itself. If value=1, ends configuration process. If value=0, phone will ask for configuration file regardless of the certificate result.

 

Resolution

Therefore three methods are suggested:

 

Method 1: Disable parameter “Only accept trusted certificate”

Login to management page—go to Security—Trusted Certificates—disable “Only Accept Trusted Certificates”—save the changes and provision again.

Auto provision syntax: security.trust_certificates =##1=enable (default), 0=disable##

 41.png


 

Method 2: Upload custom certificates

Go to page below, select CA Certificates to Custom Certificates—browse for the customize certificate and upload—save changes and provision again.

 

 42.png

Auto provision syntax: server_certificates.url =  ##Upload customized certificate##

server_certificates.delete = ##Delete customized certificate##

 

Method 3: Use HTTP server instead.

 

More Information

The pre-installed certificates on Yealink phones are listed on page 268-269 of Administrator Guide (apply to all phone models) below:


Yealink   SIP-T2xP IP Phone Family Administrator Guide-V72

For more information about auto provision, please refer to:

Yealink SIP-T2XP phones Auto Provision User Guide_V72

 

For further support, please contact Yealink FAE by emailing to Support@yealink.com.


Product Type
SIP VP-T49G , SIP-T48G , SIP-T46G , SIP-T42G , SIP-T41P , SIP-T29G , SIP-T27P , SIP-T23G , SIP-T23P , W52P , VP530 , SIP-T38G , SIP-T32G , SIP-T28P , SIP-T26P , SIP-T22P , SIP-T21P , SIP-T20P , SIP-T19P
Version
All versions
200/200
Please login to post your comment