Phone Cannot Get Provisioned with Certificate Error
Last modified date: 2019/06/17 Views: 13864

When trying to auto provision Yealink phones, sometimes users cannot get devices to download the configuration files from server using DHCP option 66. Here are the original words from user:

“Customer has T28 phones, newest version. He has a Windows server and is trying to use option 66 to provision the phones automatically. Using wireshark he can see that the windows server is communicating with the phone and is offering the option 66 string but the phone is not auto populating the provisioning server field. “



The most probably reason is that the server is not trusted by Yealink phones. Here is the authentication logic on Yealink phones:

1.DHCP Server sends auto provision server URL to YL phones.

2.Phone turns to URL to request for provisioning files.

3.If HTTPS server is used, phone will first check whether the server is trusted or not by comparing the certificate applied on server and those pre-installed on phone. If the server is trusted phone download configuration files and get provisioned.

4.If the server is not trusted, phone will check the value of “Only accept trusted certificate” itself. If value=1, ends configuration process. If value=0, phone will ask for configuration file regardless of the certificate result.



Therefore three methods are suggested:


Method 1: Disable parameter “Only accept trusted certificate”

Login to management page—go to Security—Trusted Certificates—disable “Only Accept Trusted Certificates”—save the changes and provision again.

Auto provision syntax: security.trust_certificates =##1=enable (default), 0=disable##



Method 2: Upload custom certificates

Go to page below, select CA Certificates to Custom Certificates—browse for the customize certificate and upload—save changes and provision again.



Auto provision syntax: server_certificates.url =  ##Upload customized certificate##

server_certificates.delete = ##Delete customized certificate##


Method 3: Use HTTP server instead.


More Information

The pre-installed certificates on Yealink phones are listed on page 268-269 of Administrator Guide (apply to all phone models) below:

For more information about auto provision, please refer to:

Yealink SIP IP Phones Auto Provisioning Guide_V83_13.pdf


For further support, please contact Yealink FAE by emailing to

Product Type
SIP-T58V , SIP-T58A , SIP-T56A , SIP VP-T49G , SIP-T48S , SIP-T48G , SIP-T46S , SIP-T46G , SIP-T42S , SIP-T42G , SIP-T41S , SIP-T41P , SIP-T40G , SIP-T40P , SIP-T29G , SIP-T27G , SIP-T23G , SIP-T23P , SIP-T21(P) E2 , SIP-T19(P) E2 , W60P , W53P , W56P , W52P , W41P , VP530 , SIP-T38G , SIP-T32G , SIP-T28P , SIP-T26P , SIP-T22P , SIP-T21P , SIP-T20P , SIP-T19P , SIP-T27P
All versions
Please login to post your comment