Reynaldo Sanchez

asked on

Yealink T58A phones download a CA certificate even when disabled

Skype for business 2019 Yealink T58A | Trusted Certificate
I need assistance with phones we recently purchased, all T58A handsets with Skype for business firmware.
 
I have tried all 3 latest available firmware and stuck with this version as it offered a simpler login screen for users.
 
Scenario:
Phones register correctly for as long as the trusted certificate is not present.
Periodically the handsets will populate with a CA certificate on line 1 even though everything is set to disabled below and then the users are unable to sign into the phones.


User generated image

What is causing the phones to download the internal root domain CA certificate?
masnrock

I think you're misinterpreting what Disabled means on this screen.

The first setting is for Only Accept Trusted Certificates. The wording is the key here: it says nothing about refusing all certificates.

Straight from the T48S admin guide with respect to that setting:
  • If Enabled is selected, the IP phone will verify the server certificate based on the trusted certificates list. Only when the authentication succeeds, the IP phone will trust the server.
  • If Disabled is selected, the IP phone will trust the server no matter whether the certificate received from the server is valid or not.

The second setting where you chose Disabled is Common Name Validation. This just gets into whether or not it will validate the Common Name on the certificate. Since you chose Disabled, it will simply skip the step of validating the Common Name.

From the admin guide for the T48S:
  • If Enabled is selected, the IP phone will verify the CommonName or subjectAltName of the server certificate.
  • If Disabled is selected, the IP phone will not verify the CommonName or subjectAltName of the server certificate.

Have you looked at the certificate getting downloaded? Is it even the right one? And also look at where it would be downloading the certificate from. Should that certificate be there?
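
The two toggles quoted above, mapped onto the equivalent client-side settings of Python's `ssl` module. This is an added example, not part of the thread and not Yealink code; `tls_context_for` and `summarize` are hypothetical names, and the phone's internal TLS implementation is not shown on the page.

```python
import ssl
from typing import Optional


def tls_context_for(only_accept_trusted: bool, cn_validation: bool,
                    ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Client TLS context analogous to the two admin-guide toggles."""
    # PROTOCOL_TLS_CLIENT starts strict: CERT_REQUIRED + check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # ssl refuses CERT_NONE while check_hostname is on, so clear it first.
    ctx.check_hostname = False
    if only_accept_trusted:
        # "Enabled": the server chain must validate against the trusted list.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if ca_file:  # assumed path to the trusted CA list in PEM form
            ctx.load_verify_locations(cafile=ca_file)
        # "Common Name Validation": compare CN/subjectAltName to the host.
        ctx.check_hostname = cn_validation
    else:
        # "Disabled": certificates are still exchanged, but any certificate
        # is accepted, valid or not. Python's ssl cannot check names on an
        # unverified certificate, so cn_validation has no effect here;
        # whether the phone behaves the same is not stated on the page.
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def summarize(ctx: ssl.SSLContext) -> dict:
    """Report which server-certificate checks the context performs."""
    return {
        "chain_verified": ctx.verify_mode == ssl.CERT_REQUIRED,
        "name_verified": ctx.check_hostname,
    }


if __name__ == "__main__":
    for trusted in (False, True):
        for cn in (False, True):
            print(f"only_accept_trusted={trusted} cn_validation={cn} ->",
                  summarize(tls_context_for(trusted, cn)))
```
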
Reynaldo Sanchez

ASKER

Here I have a more graphic example. When I run Skype for Business on my computer, this question appears on the certificate; I press connect and Skype connects to the server and everything works normally.


When I want to sign in on SfB's desktop phone, the certificate appears automatically and does not allow me to sign in and says registration failed, but if I delete the certificate everything works fine.

Please see the pictures.
skype_windows.png
skype_phone.png