Sectigo's USERTrust RSA CA is not accepted by Yealink Phones in V84 and below versions


  • Model: Cloud PBX
  • Firmware Version: Any



1. Yealink phones can not be provisioned successfully by Cloud PBX although all settings are good.

2. Yealink phones can not get the LDAP contacts from Cloud PBX through LDAPS mode but the LDAP mode is working.



Sectigo's AddTrust External CA Root had expired in May 2020, so many users are offered with a renewed USERTrust RSA CA or COMODO RSA CA.


However, now Yealink phones only trust AddTrust and COMODO CAs by default, and USERTrust one is not included. Attached you could find the file: Yealink phones default trusted CAs-V84.

You can view the CA type through a web browser, here takes Google Chrome as an example.mceclip1.png



In this case, there are two recommended solutions for your reference:

1. Buy a new certificate from other certificate providers, that are supported by Yealink phones.


Please contact Yealink and make sure the new certificate will suit their phones before your purchase.

Yealink Website:


2. Please disable the 'Only Accept Trusted Certificates' on Yealink phones.

Alternatively, you might keep it enabled but you have to upload the USERTrust certificate manually to the phones.



*3. Please update the Yealink phones to below temporary versions which have fixed the bug. 

For more details, please turn to Yealink support:,T42S,T41S)-,T46U,T41U,T48U,T42U)-,T53W,T53)- 

As for EOS and EOL phone modules, they are not offered by Yealink.

Have more questions? Submit a request


Please sign in to leave a comment.