Administrator’s Guide for SIP-T2 /T3 /T4 /T5 /CP920 IP Phones
109
The IP phone can authenticate the server certificate based on the trusted certificates list. The trusted certificates list
and the server certificates list contain the default and custom certificates. You can specify the type of certificates the
IP phone accepts: default certificates, custom certificates or all certificates.
Common Name Validation feature enables the IP phone to mandatorily validate the common name of the certificate
sent by the connecting server. The security verification rules are compliant with RFC 2818.
Note
: Resetting the IP phone to factory defaults will delete custom certificates by default. However, this feature is con-
figurable by the parameter “static.phone_setting.reserve_certs_enable” using the configuration file.
Resetting the IP phone to factory defaults will delete trusted and server certificates settings by default. However,
this feature is configurable by the parameter “static.phone_setting.reserve_certs_config.enable” using the con-
figuration file.
Topic
Supported Trusted Certificates
Supported Trusted Certificates
Yealink phones trust the following CAs by default:
l
DigiCert High Assurance EV Root CA
l
Deutsche Telekom Root CA 2
l
Equifax Secure Certificate Authority
l
Equifax Secure eBusiness CA-1
l
Equifax Secure Global eBusiness CA-1
l
GeoTrust Global CA
l
GeoTrust Global CA2
l
GeoTrust Primary Certification Authority
l
GeoTrust Primary Certification Authority G2
l
GeoTrust Universal CA
l
GeoTrust Universal CA2
l
Thawte Personal Freemail CA
l
Thawte Premium Server CA
l
Thawte Primary Root CA
l
Thawte Primary Root CA - G2
l
Thawte Primary Root CA - G3
l
Thawte Server CA
l
VeriSign Class 1 Public Primary Certification Authority
l
VeriSign Class 1 Public Primary Certification Authority - G2
l
VeriSign Class 1 Public Primary Certification Authority - G3
l
VeriSign Class 2 Public Primary Certification Authority - G2
l
VeriSign Class 2 Public Primary Certification Authority - G3
l
VeriSign Class 3 Public Primary Certification Authority
l
VeriSign Class 3 Public Primary Certification Authority - G2
l
VeriSign Class 3 Public Primary Certification Authority - G3
l
VeriSign Class 3 Public Primary Certification Authority - G4
l
VeriSign Class 3 Public Primary Certification Authority - G5
l
VeriSign Class 4 Public Primary Certification Authority - G2
l
VeriSign Class 4 Public Primary Certification Authority - G3
l
VeriSign Universal Root Certification Authority
l
ISRG Root X1 (Let’s Encrypt Authority X1, Let’s Encrypt Authority X2, Let’s Encrypt Authority X3 and Let’s
Encrypt Authority X4 certificates are signed by the root certificate ISRG Root X1.)
l
Baltimore CyberTrust Root